
setcred(): Fix 32-bit compatibility copy-in
Closed, Public

Authored by olce on Fri, Nov 14, 8:52 PM.

Details

Summary

For 32-bit processes on 64-bit architectures, a difference of 'int'
pointers was wrongly used as a number of bytes to copy in a memcpy()
used to internally construct a 64-bit 'struct setcred' from the 32-bit
variant, leading to copying only part of the 32-bit structure, and thus
to requesting credentials with garbage IDs except for the real and
effective user IDs.

This bug was spotted by jhb@, who produced a slightly more invasive fix
in D53757 (a switch to using CP() on all fields). In the interest of
minimizing the diff for possible inclusion in 15.0, the commit here just
limits itself to fixing the number of bytes to copy.

Reported by: jhb
Fixes: ddb3eb4efe55 ("New setcred() system call and associated MAC hooks")
MFC after: 3 days
Sponsored by: The FreeBSD Foundation

Test Plan

Boot up a VM and test that a 32-bit mdo(1) works.
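
The unit mismatch described in the summary, as an added example that is neither the FreeBSD code nor this commit's fix. The struct layouts, field names, poison value and sample IDs are hypothetical, and the `char *` subtraction is just one way to obtain a byte count.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical layouts, not FreeBSD's definitions: a run of 32-bit ID
 * fields shared by both ABIs, then a pointer whose width differs. */
enum { F_UID, F_RUID, F_SVUID, F_GID, F_RGID, F_SVGID, F_PAD, F_NGRP, NFIELDS };
struct cred32 { uint32_t f[NFIELDS]; uint32_t groups; };
struct cred64 { uint32_t f[NFIELDS]; uint64_t groups; };

/* Constructed sample request from a 32-bit process. */
static const struct cred32 sample = { { 1001, 1001, 1001, 20, 20, 20, 0, 3 }, 0x1000 };

/* Buggy: subtracting two 'uint32_t *' yields a count of elements. */
static size_t len_buggy(const struct cred32 *s)
{
	const uint32_t *beg = s->f, *end = s->f + NFIELDS;
	return (size_t)(end - beg);
}

/* Byte count: subtract as 'char *' so the unit is bytes. */
static size_t len_bytes(const struct cred32 *s)
{
	const char *beg = (const char *)s->f;
	const char *end = (const char *)(s->f + NFIELDS);
	return (size_t)(end - beg);
}

/* Build the native struct; return how many ID fields arrived intact. */
static int convert(struct cred64 *dst, const struct cred32 *src, size_t len)
{
	int i, ok = 0;
	memset(dst, 0xA5, sizeof(*dst));	/* poison stands in for stale stack */
	memcpy(dst->f, src->f, len);
	dst->groups = src->groups;		/* pointer widened separately */
	for (i = 0; i < NFIELDS; i++)
		ok += dst->f[i] == src->f[i];
	return ok;
}

static int intact_buggy(void) { struct cred64 d; return convert(&d, &sample, len_buggy(&sample)); }
static int intact_bytes(void) { struct cred64 d; return convert(&d, &sample, len_bytes(&sample)); }

int main(void)
{
	printf("buggy: %zu bytes, %d fields; bytes: %zu bytes, %d fields\n",
	    len_buggy(&sample), intact_buggy(), len_bytes(&sample), intact_bytes());
	return 0;
}
```

With the element count used as the length, only the first two 32-bit fields reach the native structure and the remaining six keep whatever the destination held before.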

Diff Detail

Repository: rG FreeBSD src repository
Lint: Lint Not Applicable
Unit: Tests Not Applicable