upstream/opnsense-src
1
0
Fork 0
mirror of https://github.com/opnsense/src.git synced 2026-06-11 09:41:03 -04:00
Code Issues Projects Releases Packages Wiki Activity Actions

imgact_binmisc: validate flags coming from userland

Browse source 
We may want to reserve bits in the future for kernel-only use, so start
rejecting any that aren't the two that we're currently expecting from
userland.

MFC after:	1 week
This commit is contained in:
Kyle Evans 2020-11-07 04:10:23 +00:00
parent 2c5e865059
commit 7d3ed9777a
2 changed files with 4 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
sys/kern/imgact_binmisc.c
View file

@ -434,6 +434,8 @@ sysctl_kern_binmisc(SYSCTL_HANDLER_ARGS)
return (error);
if (IBE_VERSION != xbe.xbe_version)
return (EINVAL);
if ((xbe.xbe_flags & ~IBF_VALID_UFLAGS) != 0)
return (EINVAL);
if (interp_list_entry_count == IBE_MAX_ENTRIES)
return (ENOSPC);
error = imgact_binmisc_add_entry(&xbe);

2
sys/sys/imgact_binmisc.h
View file

@ -53,6 +53,8 @@
#define IBF_ENABLED 0x0001 /* Entry is active. */
#define IBF_USE_MASK 0x0002 /* Use mask on header magic field. */
#define IBF_VALID_UFLAGS 0x0003 /* Bits allowed from userland. */
/*
* Used with sysctlbyname() to pass imgact bin misc entries in and out of the
* kernel.