From 1b4bb67169db8b71c59933f79c179a6715e07d38 Mon Sep 17 00:00:00 2001 From: David Greenman Date: Tue, 18 Oct 1994 04:40:41 +0000 Subject: [PATCH] Fixed bug I just introduced that would have allowed a user to clobber his kernel stack. --- sys/fs/procfs/procfs_mem.c | 10 ++++++---- sys/miscfs/procfs/procfs_mem.c | 10 ++++++---- 2 files changed, 12 insertions(+), 8 deletions(-) diff --git a/sys/fs/procfs/procfs_mem.c b/sys/fs/procfs/procfs_mem.c index 65cde1f1662..3b94a990753 100644 --- a/sys/fs/procfs/procfs_mem.c +++ b/sys/fs/procfs/procfs_mem.c @@ -37,7 +37,7 @@ * * @(#)procfs_mem.c 8.4 (Berkeley) 1/21/94 * - * $Id: procfs_mem.c,v 1.3 1994/09/15 19:47:47 bde Exp $ + * $Id: procfs_mem.c,v 1.4 1994/10/18 04:26:53 davidg Exp $ */ /* @@ -86,9 +86,11 @@ procfs_rwmem(p, uio) int fix_prot; uva = (vm_offset_t) uio->uio_offset; - if (uva >= VM_MAXUSER_ADDRESS + UPAGES * PAGE_SIZE) { - error = 0; - break; + if (uva >= VM_MAXUSER_ADDRESS) { + if (writing || (uva >= (VM_MAXUSER_ADDRESS + UPAGES * PAGE_SIZE))) { + error = 0; + break; + } } /* diff --git a/sys/miscfs/procfs/procfs_mem.c b/sys/miscfs/procfs/procfs_mem.c index 65cde1f1662..3b94a990753 100644 --- a/sys/miscfs/procfs/procfs_mem.c +++ b/sys/miscfs/procfs/procfs_mem.c @@ -37,7 +37,7 @@ * * @(#)procfs_mem.c 8.4 (Berkeley) 1/21/94 * - * $Id: procfs_mem.c,v 1.3 1994/09/15 19:47:47 bde Exp $ + * $Id: procfs_mem.c,v 1.4 1994/10/18 04:26:53 davidg Exp $ */ /* @@ -86,9 +86,11 @@ procfs_rwmem(p, uio) int fix_prot; uva = (vm_offset_t) uio->uio_offset; - if (uva >= VM_MAXUSER_ADDRESS + UPAGES * PAGE_SIZE) { - error = 0; - break; + if (uva >= VM_MAXUSER_ADDRESS) { + if (writing || (uva >= (VM_MAXUSER_ADDRESS + UPAGES * PAGE_SIZE))) { + error = 0; + break; + } } /*