* sysdeps/gnu/bits/msq.h: Qualify kernel's
data structure pointers as __unbounded. * sysdeps/unix/sysv/linux/mips/bits/shm.h: Likewise. * sysdeps/generic/bp-semctl.h: New file. * sysdeps/unix/sysv/linux/msgctl.c: Qualify kernel's data structure pointers as __unbounded. Check bounds of syscall args. * sysdeps/unix/sysv/linux/msgrcv.c: Likewise. * sysdeps/unix/sysv/linux/msgsnd.c: Likewise. * sysdeps/unix/sysv/linux/semctl.c: Likewise. * sysdeps/unix/sysv/linux/semop.c: Likewise. * sysdeps/unix/sysv/linux/shmat.c: Likewise. * sysdeps/unix/sysv/linux/shmctl.c: Likewise. * sysdeps/unix/sysv/linux/shmdt.c: Likewise. * sysdeps/unix/sysv/linux/alpha/msgctl.c: Likewise. * sysdeps/unix/sysv/linux/alpha/semctl.c: Likewise. * sysdeps/unix/sysv/linux/alpha/shmctl.c: Likewise. * sysdeps/unix/sysv/linux/i386/msgctl.c: Likewise. * sysdeps/unix/sysv/linux/i386/semctl.c: Likewise. * sysdeps/unix/sysv/linux/i386/shmctl.c: Likewise. * sysdeps/unix/sysv/linux/sparc/sparc64/msgctl.c: Likewise. * sysdeps/unix/sysv/linux/sparc/sparc64/semctl.c: Likewise. * sysdeps/unix/sysv/linux/sparc/sparc64/shmctl.c: Likewise.
parent
ca67152c2a
commit
1e43162758
@ -24,19 +24,20 @@
|
||||
#include <sysdep.h>
|
||||
#include <string.h>
|
||||
#include <sys/syscall.h>
|
||||
#include <bp-checks.h>
|
||||
|
||||
#include "kernel-features.h"
|
||||
|
||||
struct __old_msqid_ds
|
||||
{
|
||||
struct __old_ipc_perm msg_perm; /* structure describing operation permission */
|
||||
struct msg *__msg_first; /* pointer to first message on queue */
|
||||
struct msg *__msg_last; /* pointer to last message on queue */
|
||||
struct msg *__unbounded __msg_first; /* pointer to first message on queue */
|
||||
struct msg *__unbounded __msg_last; /* pointer to last message on queue */
|
||||
__time_t msg_stime; /* time of last msgsnd command */
|
||||
__time_t msg_rtime; /* time of last msgrcv command */
|
||||
__time_t msg_ctime; /* time of last change */
|
||||
struct wait_queue *__wwait; /* ??? */
|
||||
struct wait_queue *__rwait; /* ??? */
|
||||
struct wait_queue *__unbounded __wwait; /* ??? */
|
||||
struct wait_queue *__unbounded __rwait; /* ??? */
|
||||
unsigned short int __msg_cbytes; /* current number of bytes on queue */
|
||||
unsigned short int msg_qnum; /* number of messages currently on queue */
|
||||
unsigned short int msg_qbytes; /* max number of bytes allowed on queue */
|
||||
@ -57,7 +58,7 @@ __new_msgctl (int msqid, int cmd, struct msqid_ds *buf)
|
||||
of time. However, msg_qnum and msg_qbytes changed size at
|
||||
the same time the size of uid changed elsewhere. */
|
||||
#if __ASSUME_32BITUIDS > 0
|
||||
return INLINE_SYSCALL (msgctl, 3, msqid, cmd | __IPC_64, buf);
|
||||
return INLINE_SYSCALL (msgctl, 3, msqid, cmd | __IPC_64, CHECK_1 (buf));
|
||||
#else
|
||||
switch (cmd) {
|
||||
case MSG_STAT:
|
||||
@ -65,7 +66,7 @@ __new_msgctl (int msqid, int cmd, struct msqid_ds *buf)
|
||||
case IPC_SET:
|
||||
break;
|
||||
default:
|
||||
return INLINE_SYSCALL (msgctl, 3, msqid, cmd, buf);
|
||||
return INLINE_SYSCALL (msgctl, 3, msqid, cmd, CHECK_1 (buf));
|
||||
}
|
||||
|
||||
{
|
||||
@ -74,7 +75,7 @@ __new_msgctl (int msqid, int cmd, struct msqid_ds *buf)
|
||||
|
||||
/* Unfortunately there is no way how to find out for sure whether
|
||||
we should use old or new msgctl. */
|
||||
result = INLINE_SYSCALL (msgctl, 3, msqid, cmd | __IPC_64, buf);
|
||||
result = INLINE_SYSCALL (msgctl, 3, msqid, cmd | __IPC_64, CHECK_1 (buf));
|
||||
if (result != -1 || errno != EINVAL)
|
||||
return result;
|
||||
|
||||
@ -93,7 +94,7 @@ __new_msgctl (int msqid, int cmd, struct msqid_ds *buf)
|
||||
return -1;
|
||||
}
|
||||
}
|
||||
result = INLINE_SYSCALL (msgctl, 3, msqid, cmd, &old);
|
||||
result = INLINE_SYSCALL (msgctl, 3, msqid, cmd, __ptrvalue (&old));
|
||||
if (result != -1 && cmd != IPC_SET)
|
||||
{
|
||||
memset(buf, 0, sizeof(*buf));
|
||||
@ -120,4 +121,3 @@ __new_msgctl (int msqid, int cmd, struct msqid_ds *buf)
|
||||
|
||||
#include <shlib-compat.h>
|
||||
versioned_symbol (libc, __new_msgctl, msgctl, GLIBC_2_2);
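Review bot: `CHECK_1 (buf)` validates room for exactly one `struct msqid_ds` whatever `cmd` is, at the `__ASSUME_32BITUIDS` call, in the `default:` case and on the `cmd | __IPC_64` retry. Callers conventionally pass a null `buf` for `IPC_RMID`, and for `IPC_INFO`/`MSG_INFO` the kernel fills a `struct msginfo` that was cast to this pointer type, so a bounded-pointer build would presumably either flag valid calls or check the wrong extent. The semctl change in this same commit passes `cmd` into `CHECK_SEMCTL`, apparently for this reason; msgctl and the shmctl section (where `IPC_INFO`/`SHM_INFO` also take other structures) would benefit from a cmd-aware check, or at least a comment such as `/* BUF is checked as one struct msqid_ds even for IPC_RMID and IPC_INFO. */`. Most of `__new_msgctl` lies outside the visible hunks, so this rests on the call sites shown.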
|
||||
|
||||
|
@ -49,6 +49,9 @@ union semun
|
||||
struct seminfo *__buf; /* buffer for IPC_INFO */
|
||||
};
|
||||
|
||||
#include <bp-checks.h>
|
||||
#include <bp-semctl.h> /* definition of CHECK_SEMCTL needs union semum */
|
||||
|
||||
extern int __syscall_semctl (int, int, int, void *);
|
||||
|
||||
/* Return identifier for array of NSEMS semaphores associated with
|
||||
@ -69,7 +72,8 @@ __new_semctl (int semid, int semnum, int cmd, ...)
|
||||
va_end (ap);
|
||||
|
||||
#if __ASSUME_32BITUIDS > 0
|
||||
return INLINE_SYSCALL (semctl, 4, semid, semnum, cmd | __IPC_64, &arg);
|
||||
return INLINE_SYSCALL (semctl, 4, semid, semnum, cmd | __IPC_64,
|
||||
CHECK_SEMCTL (&arg, semid, cmd | __IPC_64));
|
||||
#else
|
||||
switch (cmd) {
|
||||
case SEM_STAT:
|
||||
@ -77,7 +81,8 @@ __new_semctl (int semid, int semnum, int cmd, ...)
|
||||
case IPC_SET:
|
||||
break;
|
||||
default:
|
||||
return INLINE_SYSCALL (semctl, 4, semid, semnum, cmd, &arg);
|
||||
return INLINE_SYSCALL (semctl, 4, semid, semnum, cmd,
|
||||
CHECK_SEMCTL (&arg, semid, cmd));
|
||||
}
|
||||
|
||||
{
|
||||
@ -87,7 +92,8 @@ __new_semctl (int semid, int semnum, int cmd, ...)
|
||||
|
||||
/* Unfortunately there is no way how to find out for sure whether
|
||||
we should use old or new semctl. */
|
||||
result = INLINE_SYSCALL (semctl, 4, semid, semnum, cmd | __IPC_64, &arg);
|
||||
result = INLINE_SYSCALL (semctl, 4, semid, semnum, cmd | __IPC_64,
|
||||
CHECK_SEMCTL (&arg, semid, cmd | __IPC_64));
|
||||
if (result != -1 || errno != EINVAL)
|
||||
return result;
|
||||
|
||||
@ -106,7 +112,8 @@ __new_semctl (int semid, int semnum, int cmd, ...)
|
||||
return -1;
|
||||
}
|
||||
}
|
||||
result = INLINE_SYSCALL (semctl, 4, semid, semnum, cmd, &arg);
|
||||
result = INLINE_SYSCALL (semctl, 4, semid, semnum, cmd,
|
||||
CHECK_SEMCTL (&arg, semid, cmd));
|
||||
if (result != -1 && cmd != IPC_SET)
|
||||
{
|
||||
memset(buf, 0, sizeof(*buf));
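Review bot: `CHECK_SEMCTL` receives `cmd | __IPC_64` at two of the four call sites and plain `cmd` at the other two, so the helper in bp-semctl.h (not shown on this page) must mask `__IPC_64` before it dispatches on the command. If it compared the raw value, the flagged calls would presumably match no case and whichever union member the command uses would reach the kernel unchecked. A comment at the first call would record that contract, e.g. `/* CHECK_SEMCTL strips __IPC_64 from CMD before selecting the check. */`. The added include comment also misspells the type and should read `/* definition of CHECK_SEMCTL needs union semun */`. `__new_semctl` starts and ends outside these hunks.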
|
||||
|
@ -25,6 +25,7 @@
|
||||
#include <string.h>
|
||||
#include <sys/syscall.h>
|
||||
#include <bits/wordsize.h>
|
||||
#include <bp-checks.h>
|
||||
|
||||
#include "kernel-features.h"
|
||||
|
||||
@ -39,8 +40,8 @@ struct __old_shmid_ds
|
||||
__ipc_pid_t shm_lpid; /* pid of last shmop */
|
||||
unsigned short int shm_nattch; /* number of current attaches */
|
||||
unsigned short int __shm_npages; /* size of segment (pages) */
|
||||
unsigned long int *__shm_pages; /* array of ptrs to frames -> SHMMAX */
|
||||
struct vm_area_struct *__attaches; /* descriptors for attaches */
|
||||
unsigned long int *__unbounded __shm_pages; /* array of ptrs to frames -> SHMMAX */
|
||||
struct vm_area_struct *__unbounded __attaches; /* descriptors for attaches */
|
||||
};
|
||||
|
||||
struct __old_shminfo
|
||||
@ -61,7 +62,7 @@ int
|
||||
__new_shmctl (int shmid, int cmd, struct shmid_ds *buf)
|
||||
{
|
||||
#if __ASSUME_32BITUIDS > 0
|
||||
return INLINE_SYSCALL (shmctl, 3, shmid, cmd | __IPC_64, buf);
|
||||
return INLINE_SYSCALL (shmctl, 3, shmid, cmd | __IPC_64, CHECK_1 (buf));
|
||||
#else
|
||||
switch (cmd) {
|
||||
case SHM_STAT:
|
||||
@ -70,7 +71,7 @@ __new_shmctl (int shmid, int cmd, struct shmid_ds *buf)
|
||||
case IPC_INFO:
|
||||
break;
|
||||
default:
|
||||
return INLINE_SYSCALL (shmctl, 3, shmid, cmd, buf);
|
||||
return INLINE_SYSCALL (shmctl, 3, shmid, cmd, CHECK_1 (buf));
|
||||
}
|
||||
|
||||
{
|
||||
@ -79,7 +80,7 @@ __new_shmctl (int shmid, int cmd, struct shmid_ds *buf)
|
||||
|
||||
/* Unfortunately there is no way how to find out for sure whether
|
||||
we should use old or new shmctl. */
|
||||
result = INLINE_SYSCALL (shmctl, 3, shmid, cmd | __IPC_64, buf);
|
||||
result = INLINE_SYSCALL (shmctl, 3, shmid, cmd | __IPC_64, CHECK_1 (buf));
|
||||
if (result != -1 || errno != EINVAL)
|
||||
return result;
|
||||
|
||||
@ -96,7 +97,7 @@ __new_shmctl (int shmid, int cmd, struct shmid_ds *buf)
|
||||
return -1;
|
||||
}
|
||||
}
|
||||
result = INLINE_SYSCALL (shmctl, 3, shmid, cmd, &old);
|
||||
result = INLINE_SYSCALL (shmctl, 3, shmid, cmd, __ptrvalue (&old));
|
||||
if (result != -1 && (cmd == SHM_STAT || cmd == IPC_STAT))
|
||||
{
|
||||
memset(buf, 0, sizeof(*buf));
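Review bot: `__ptrvalue (&old)` in the last hunk drops the bounds of the local without a check, while every other pointer this function hands to the kernel goes through `CHECK_1`, and nothing explains the difference. A short comment above the call would stop a later reader from "fixing" it or copying the unchecked form to a caller-supplied pointer, for example `/* OLD is a local object of known size, so its bounds are stripped without a check. */`. The same applies to the matching `__ptrvalue (&old)` call in the msgctl section. `__new_shmctl` continues outside the hunk.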
|
||||
|
@ -1,4 +1,4 @@
|
||||
/* Copyright (C) 1995, 1996, 1997 Free Software Foundation, Inc.
|
||||
/* Copyright (C) 1995, 1996, 1997, 2000 Free Software Foundation, Inc.
|
||||
This file is part of the GNU C Library.
|
||||
|
||||
The GNU C Library is free software; you can redistribute it and/or
|
||||
@ -48,8 +48,8 @@ struct shmid_ds
|
||||
long int shm_lpid; /* pid of last shmop */
|
||||
unsigned short int shm_nattch; /* number of current attaches */
|
||||
unsigned short int __shm_npages; /* size of segment (pages) */
|
||||
unsigned long int *__shm_pages; /* array of ptrs to frames -> SHMMAX */
|
||||
struct vm_area_struct *__attaches; /* descriptors for attaches */
|
||||
unsigned long int *__unbounded __shm_pages; /* array of ptrs to frames -> SHMMAX */
|
||||
struct vm_area_struct *__unbounded __attaches; /* descriptors for attaches */
|
||||
};
|
||||
|
||||
#ifdef __USE_MISC
|
||||
|