Module Name: src
Committed By: snj
Date: Fri Dec 18 05:34:18 UTC 2009
Modified Files:
src/doc [netbsd-5-0]: CHANGES-5.0.2
Log Message:
Ticket 1188.
To generate a diff of this commit:
cvs rdiff -u -r1.1.2.32 -r1.1.2.33 src/doc/CHANGES-5.0.2
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
Modified files:
Index: src/doc/CHANGES-5.0.2
diff -u src/doc/CHANGES-5.0.2:1.1.2.32 src/doc/CHANGES-5.0.2:1.1.2.33
--- src/doc/CHANGES-5.0.2:1.1.2.32 Thu Dec 10 23:13:45 2009
+++ src/doc/CHANGES-5.0.2 Fri Dec 18 05:34:18 2009
@@ -1,4 +1,4 @@
-# $NetBSD: CHANGES-5.0.2,v 1.1.2.32 2009/12/10 23:13:45 snj Exp $
+# $NetBSD: CHANGES-5.0.2,v 1.1.2.33 2009/12/18 05:34:18 snj Exp $
A complete list of changes from the NetBSD 5.0.1 release to the NetBSD 5.0.2
release:
@@ -879,3 +879,14 @@
array.
[drochner, ticket #1189]
+sys/kern/sys_mqueue.c 1.28
+
+ Fix some security critical bugs:
+ - An invalid signal number passed to mq_notify(2) could crash the
+ kernel on delivery -- add a boundary check
+ - A user could set mq_maxmsg (the maximal number of messages in a
+ queue) to a huge value on mq_open(O_CREAT) and later use up all
+ kernel memory by mq_send(2) -- add a sysctl'able limit which
+ defaults to 16*mq_def_maxmsg
+ [tron, ticket #1188]
+
