From 3c1124cfdf2cf9a8fedc34da1863444f3bbc0f4a Mon Sep 17 00:00:00 2001
From: Marcel Moolenaar
Date: Thu, 9 Mar 2000 17:52:01 +0000
Subject: [PATCH] Fix bug in linux_wait4 and linux_waitpid where garbage in the status argument could panic the kernel.
Submitted by: Ian Dowse
Prompted by: jkh, gallatin
Approved by: prompters
---
 sys/compat/linux/linux_misc.c | 2 ++
 sys/i386/linux/linux_misc.c | 2 ++
 2 files changed, 4 insertions(+)
diff --git a/sys/compat/linux/linux_misc.c b/sys/compat/linux/linux_misc.c
index 1835c9ce9480..1b2dd31988ad 100644
--- a/sys/compat/linux/linux_misc.c
+++ b/sys/compat/linux/linux_misc.c
@@ -988,6 +988,7 @@ linux_waitpid(struct proc *p, struct linux_waitpid_args *args)
 if (args->status) {
 if ((error = copyin(args->status, &tmpstat, sizeof(int))) != 0)
 return error;
+ tmpstat &= 0xffff;
 if (WIFSIGNALED(tmpstat))
 tmpstat = (tmpstat & 0xffffff80) |
 BSD_TO_LINUX_SIGNAL(WTERMSIG(tmpstat));
@@ -1031,6 +1032,7 @@ linux_wait4(struct proc *p, struct linux_wait4_args *args)
 if (args->status) {
 if ((error = copyin(args->status, &tmpstat, sizeof(int))) != 0)
 return error;
+ tmpstat &= 0xffff;
 if (WIFSIGNALED(tmpstat))
 tmpstat = (tmpstat & 0xffffff80) |
 BSD_TO_LINUX_SIGNAL(WTERMSIG(tmpstat));
diff --git a/sys/i386/linux/linux_misc.c b/sys/i386/linux/linux_misc.c
index 1835c9ce9480..1b2dd31988ad 100644
--- a/sys/i386/linux/linux_misc.c
+++ b/sys/i386/linux/linux_misc.c
@@ -988,6 +988,7 @@ linux_waitpid(struct proc *p, struct linux_waitpid_args *args)
 if (args->status) {
 if ((error = copyin(args->status, &tmpstat, sizeof(int))) != 0)
 return error;
+ tmpstat &= 0xffff;
 if (WIFSIGNALED(tmpstat))
 tmpstat = (tmpstat & 0xffffff80) |
 BSD_TO_LINUX_SIGNAL(WTERMSIG(tmpstat));
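Review bot: The added `tmpstat &= 0xffff;` in linux_waitpid is an unexplained magic mask on a value that `copyin()` has just read from the user-supplied `args->status`, and the hunk alone does not show that the mask is a sufficient bound. After masking, `WTERMSIG(tmpstat)` is still handed to `BSD_TO_LINUX_SIGNAL()`, whose definition is outside this diff; if that macro indexes a translation table, it should be confirmed that it range-checks every signal number that can survive the mask, and any further signal translation later in the function (not shown) presumably needs the same confirmation. I would add a comment above the new line such as `/* status was read back from user memory and may hold anything; keep only the low 16 bits so the W*SIG() values stay bounded */`. The same applies to the identical linux_wait4 hunk and to both hunks in sys/i386/linux/linux_misc.c; in every case the function body starts and ends outside the hunk.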
@@ -1031,6 +1032,7 @@ linux_wait4(struct proc *p, struct linux_wait4_args *args)
 if (args->status) {
 if ((error = copyin(args->status, &tmpstat, sizeof(int))) != 0)
 return error;
+ tmpstat &= 0xffff;
 if (WIFSIGNALED(tmpstat))
 tmpstat = (tmpstat & 0xffffff80) |
 BSD_TO_LINUX_SIGNAL(WTERMSIG(tmpstat));