Searched hist:121275 (Results 1 - 6 of 6) sorted by relevance
/freebsd-10.1-release/sys/compat/svr4/ | ||
H A D | svr4_util.h | diff 121275 Mon Oct 20 08:38:48 MDT 2003 tjr Fix some security bugs in the SVR4 emulator: - Return NULL instead of returning memory outside of the stackgap in stackgap_alloc() (FreeBSD-SA-00:42.linux) - Check for stackgap_alloc() returning NULL in svr4_emul_find(), and clean_pipe(). - Avoid integer overflow on large nfds argument in svr4_sys_poll() - Reject negative nbytes argument in svr4_sys_getdents() - Don't copy out past the end of the struct componentname pathname buffer in svr4_sys_resolvepath() - Reject out-of-range signal numbers in svr4_sys_sigaction(), svr4_sys_signal(), and svr4_sys_kill(). - Don't malloc() user-specified lengths in show_ioc() and show_strbuf(), place arbitrary limits instead. - Range-check lengths in si_listen(), ti_getinfo(), ti_bind(), svr4_do_putmsg(), svr4_do_getmsg(), svr4_stream_ti_ioctl(). Some fixes obtain from OpenBSD. |
H A D | svr4_signal.c | diff 121275 Mon Oct 20 08:38:48 MDT 2003 tjr Fix some security bugs in the SVR4 emulator: - Return NULL instead of returning memory outside of the stackgap in stackgap_alloc() (FreeBSD-SA-00:42.linux) - Check for stackgap_alloc() returning NULL in svr4_emul_find(), and clean_pipe(). - Avoid integer overflow on large nfds argument in svr4_sys_poll() - Reject negative nbytes argument in svr4_sys_getdents() - Don't copy out past the end of the struct componentname pathname buffer in svr4_sys_resolvepath() - Reject out-of-range signal numbers in svr4_sys_sigaction(), svr4_sys_signal(), and svr4_sys_kill(). - Don't malloc() user-specified lengths in show_ioc() and show_strbuf(), place arbitrary limits instead. - Range-check lengths in si_listen(), ti_getinfo(), ti_bind(), svr4_do_putmsg(), svr4_do_getmsg(), svr4_stream_ti_ioctl(). Some fixes obtain from OpenBSD. |
H A D | svr4_filio.c | diff 121275 Mon Oct 20 08:38:48 MDT 2003 tjr Fix some security bugs in the SVR4 emulator: - Return NULL instead of returning memory outside of the stackgap in stackgap_alloc() (FreeBSD-SA-00:42.linux) - Check for stackgap_alloc() returning NULL in svr4_emul_find(), and clean_pipe(). - Avoid integer overflow on large nfds argument in svr4_sys_poll() - Reject negative nbytes argument in svr4_sys_getdents() - Don't copy out past the end of the struct componentname pathname buffer in svr4_sys_resolvepath() - Reject out-of-range signal numbers in svr4_sys_sigaction(), svr4_sys_signal(), and svr4_sys_kill(). - Don't malloc() user-specified lengths in show_ioc() and show_strbuf(), place arbitrary limits instead. - Range-check lengths in si_listen(), ti_getinfo(), ti_bind(), svr4_do_putmsg(), svr4_do_getmsg(), svr4_stream_ti_ioctl(). Some fixes obtain from OpenBSD. |
H A D | svr4_sysvec.c | diff 121275 Mon Oct 20 08:38:48 MDT 2003 tjr Fix some security bugs in the SVR4 emulator: - Return NULL instead of returning memory outside of the stackgap in stackgap_alloc() (FreeBSD-SA-00:42.linux) - Check for stackgap_alloc() returning NULL in svr4_emul_find(), and clean_pipe(). - Avoid integer overflow on large nfds argument in svr4_sys_poll() - Reject negative nbytes argument in svr4_sys_getdents() - Don't copy out past the end of the struct componentname pathname buffer in svr4_sys_resolvepath() - Reject out-of-range signal numbers in svr4_sys_sigaction(), svr4_sys_signal(), and svr4_sys_kill(). - Don't malloc() user-specified lengths in show_ioc() and show_strbuf(), place arbitrary limits instead. - Range-check lengths in si_listen(), ti_getinfo(), ti_bind(), svr4_do_putmsg(), svr4_do_getmsg(), svr4_stream_ti_ioctl(). Some fixes obtain from OpenBSD. |
H A D | svr4_stream.c | diff 121275 Mon Oct 20 08:38:48 MDT 2003 tjr Fix some security bugs in the SVR4 emulator: - Return NULL instead of returning memory outside of the stackgap in stackgap_alloc() (FreeBSD-SA-00:42.linux) - Check for stackgap_alloc() returning NULL in svr4_emul_find(), and clean_pipe(). - Avoid integer overflow on large nfds argument in svr4_sys_poll() - Reject negative nbytes argument in svr4_sys_getdents() - Don't copy out past the end of the struct componentname pathname buffer in svr4_sys_resolvepath() - Reject out-of-range signal numbers in svr4_sys_sigaction(), svr4_sys_signal(), and svr4_sys_kill(). - Don't malloc() user-specified lengths in show_ioc() and show_strbuf(), place arbitrary limits instead. - Range-check lengths in si_listen(), ti_getinfo(), ti_bind(), svr4_do_putmsg(), svr4_do_getmsg(), svr4_stream_ti_ioctl(). Some fixes obtain from OpenBSD. |
H A D | svr4_misc.c | diff 121275 Mon Oct 20 08:38:48 MDT 2003 tjr Fix some security bugs in the SVR4 emulator: - Return NULL instead of returning memory outside of the stackgap in stackgap_alloc() (FreeBSD-SA-00:42.linux) - Check for stackgap_alloc() returning NULL in svr4_emul_find(), and clean_pipe(). - Avoid integer overflow on large nfds argument in svr4_sys_poll() - Reject negative nbytes argument in svr4_sys_getdents() - Don't copy out past the end of the struct componentname pathname buffer in svr4_sys_resolvepath() - Reject out-of-range signal numbers in svr4_sys_sigaction(), svr4_sys_signal(), and svr4_sys_kill(). - Don't malloc() user-specified lengths in show_ioc() and show_strbuf(), place arbitrary limits instead. - Range-check lengths in si_listen(), ti_getinfo(), ti_bind(), svr4_do_putmsg(), svr4_do_getmsg(), svr4_stream_ti_ioctl(). Some fixes obtain from OpenBSD. |
Completed in 125 milliseconds