From 3a164d18ff789eaf165d7d165ef3d6696956fdfc Mon Sep 17 00:00:00 2001
From: Michael Shalayeff <mickey@cvs.openbsd.org>
Date: Fri, 13 Feb 2004 00:05:53 +0000
Subject: on sigreturn check cs and rflags for evilness; from i386

---
 sys/arch/amd64/amd64/machdep.c | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

(limited to 'sys')

diff --git a/sys/arch/amd64/amd64/machdep.c b/sys/arch/amd64/amd64/machdep.c
index bf82df6856a..7571f885d92 100644
--- a/sys/arch/amd64/amd64/machdep.c
+++ b/sys/arch/amd64/amd64/machdep.c
@@ -1,4 +1,4 @@
-/*	$OpenBSD: machdep.c,v 1.3 2004/02/03 12:09:47 mickey Exp $	*/
+/*	$OpenBSD: machdep.c,v 1.4 2004/02/13 00:05:52 mickey Exp $	*/
 /*	$NetBSD: machdep.c,v 1.3 2003/05/07 22:58:18 fvdl Exp $	*/
 
 /*-
@@ -684,6 +684,10 @@ sys_sigreturn(struct proc *p, void *v, register_t *retval)
 	if (copyin((caddr_t)scp, &ksc, sizeof ksc))
 		return (error);
 
+	if (((ksc.sc_rflags ^ tf->tf_rflags) & PSL_USERSTATIC) != 0 ||
+	    !USERMODE(ksc.sc_cs, ksc.sc_eflags))
+		return (EINVAL);
+
 	ksc.sc_trapno = tf->tf_trapno;
 	ksc.sc_err = tf->tf_err;
 	bcopy(&ksc, tf, sizeof(*tf));
-- 
cgit v1.2.3