upstream/opnsense-src
1
0
Fork 0
mirror of https://github.com/opnsense/src.git synced 2026-06-09 08:43:19 -04:00
Code Issues Projects Releases Packages Wiki Activity Actions

For safety, ensure that any consumer of the set_regs() and

Browse source 
ptrace_set_pc() use the correct return to userspace using iret.

The signal return, PT_CONTINUE (which in fact uses signal return path)
set the pcb flag already.  The setcontext(2) enforces iret return when
%rip is incorrect.  Due to this, the change is redundand, but is made
to ensure that no path which modifies context, forgets to set
PCB_FULL_IRET.

Inspired by:	CVE-2014-4699
Reviewed by:	jhb
Sponsored by:	The FreeBSD Foundation
MFC after:	1 week
This commit is contained in:
Konstantin Belousov 2014-07-09 21:39:40 +00:00
parent b1396c9f98
commit fd815c0b8d
1 changed files with 3 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

4
sys/amd64/amd64/machdep.c
View file

@ -2144,7 +2144,9 @@ makectx(struct trapframe *tf, struct pcb *pcb)
int
ptrace_set_pc(struct thread *td, unsigned long addr)
{
td->td_frame->tf_rip = addr;
set_pcb_flags(td->td_pcb, PCB_FULL_IRET);
return (0);
}
@ -2244,8 +2246,8 @@ set_regs(struct thread *td, struct reg *regs)
tp->tf_fs = regs->r_fs;
tp->tf_gs = regs->r_gs;
tp->tf_flags = TF_HASSEGS;
set_pcb_flags(td->td_pcb, PCB_FULL_IRET);
}
set_pcb_flags(td->td_pcb, PCB_FULL_IRET);
return (0);
}