Source-Changes archive


CVS commit: [netbsd-5] src/sys/kern



Module Name:    src
Committed By:   snj
Date:           Thu Dec 10 23:08:43 UTC 2009

Modified Files:
        src/sys/kern [netbsd-5]: sys_mqueue.c

Log Message:
Pull up following revision(s) (requested by drochner in ticket #1188):
        sys/kern/sys_mqueue.c: revision 1.28 via patch
fix some security critical bugs:
-an invalid signal number passed to mq_notify(2) could crash the kernel
on delivery -- add a boundary check
-mq_receive(2) from an empty queue crashed the kernel by NULL dereference
in timeout calculation -- handle the NULL case
-likewise for mq_send(2) to a full queue
-a user could set mq_maxmsg (the maximal number of messages in a queue)
to a huge value on mq_open(O_CREAT) and later use up all kernel
memory by mq_send(2) -- add a sysctl'able limit which defaults
to 16*mq_def_maxmsg
(mq_notify(2) should get some more checks, and SIGEV_* values other
than SIGEV_SIGNAL should be handled somehow, but this doesn't look
security critical)


To generate a diff of this commit:
cvs rdiff -u -r1.12.4.5 -r1.12.4.6 src/sys/kern/sys_mqueue.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
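
The three kinds of check named in the log message (signal-number bounds, NULL timeout handling, a cap on mq_maxmsg), modelled in user-space C as an added example; this is not the NetBSD sys_mqueue.c code. The `model_*` names and the values of `MODEL_NSIG` and `MODEL_DEF_MAXMSG` are assumptions for illustration.

```c
#include <errno.h>
#include <stddef.h>
#include <time.h>

/* Assumed values for illustration; not taken from the NetBSD source. */
#define MODEL_NSIG        64
#define MODEL_DEF_MAXMSG  32
static long model_max_maxmsg = 16 * MODEL_DEF_MAXMSG; /* tunable cap */

/* mq_notify-style check: reject out-of-range signal numbers when the
 * notification is registered, before anything can be delivered. */
int model_check_signo(int signo)
{
    if (signo <= 0 || signo >= MODEL_NSIG)
        return EINVAL;
    return 0;
}

/* mq_open(O_CREAT)-style check: bound the per-queue message count so a
 * caller cannot reserve unbounded memory through later sends. */
int model_check_maxmsg(long maxmsg)
{
    if (maxmsg <= 0 || maxmsg > model_max_maxmsg)
        return EINVAL;
    return 0;
}

/* Blocking send/receive: a NULL absolute timeout means "wait forever"
 * and must not be dereferenced. Returns 0 and sets *ticks (0 = no
 * timeout), or ETIMEDOUT if the deadline has already passed.
 * Assumes 0 < hz <= 1000000000. */
int model_timeout_ticks(const struct timespec *abstime,
                        const struct timespec *now, long hz, long *ticks)
{
    if (abstime == NULL) {              /* empty or full queue, no deadline */
        *ticks = 0;
        return 0;
    }
    if (abstime->tv_nsec < 0 || abstime->tv_nsec >= 1000000000L)
        return EINVAL;
    long sec = (long)(abstime->tv_sec - now->tv_sec);
    long nsec = abstime->tv_nsec - now->tv_nsec;
    if (nsec < 0) { sec--; nsec += 1000000000L; }
    if (sec < 0 || (sec == 0 && nsec == 0))
        return ETIMEDOUT;
    *ticks = sec * hz + nsec / (1000000000L / hz);
    if (*ticks == 0) *ticks = 1;        /* never round a real wait to "forever" */
    return 0;
}
```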


