Author: will
Date: Mon Jul 18 01:03:39 2016
New Revision: 302975
URL: https://svnweb.freebsd.org/changeset/base/302975

Log:
  libkvm: Bounds check (more) PTE indices.

Modified:
  head/lib/libkvm/kvm_minidump_arm.c
  head/lib/libkvm/kvm_minidump_i386.c
  head/lib/libkvm/kvm_minidump_mips.c

Modified: head/lib/libkvm/kvm_minidump_arm.c
==============================================================================
--- head/lib/libkvm/kvm_minidump_arm.c  Mon Jul 18 01:02:52 2016        
(r302974)
+++ head/lib/libkvm/kvm_minidump_arm.c  Mon Jul 18 01:03:39 2016        
(r302975)
@@ -184,6 +184,8 @@ _arm_minidump_kvatop(kvm_t *kd, kvaddr_t
 
        if (va >= vm->hdr.kernbase) {
                pteindex = (va - vm->hdr.kernbase) >> ARM_PAGE_SHIFT;
+               if (pteindex >= vm->hdr.ptesize / sizeof(*ptemap))
+                       goto invalid;
                pte = _kvm32toh(kd, ptemap[pteindex]);
                if ((pte & ARM_L2_TYPE_MASK) == ARM_L2_TYPE_INV) {
                        _kvm_err(kd, kd->program,
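Review bot: The bound added in `_arm_minidump_kvatop` is derived from `vm->hdr.ptesize`, which is read from the minidump header, so it protects `ptemap[pteindex]` only if the buffer behind `ptemap` was sized from that same field and the read that filled it was checked for a short count. That allocation and read are outside this hunk (the function body also starts and ends outside it), so this is worth confirming for a truncated or malformed dump; the same applies to the i386 and mips hunks below. A short comment above the check would also help the next reader: `/* hdr.ptesize is in bytes; reject indices beyond the loaded PTE map */`.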

Modified: head/lib/libkvm/kvm_minidump_i386.c
==============================================================================
--- head/lib/libkvm/kvm_minidump_i386.c Mon Jul 18 01:02:52 2016        
(r302974)
+++ head/lib/libkvm/kvm_minidump_i386.c Mon Jul 18 01:03:39 2016        
(r302975)
@@ -162,6 +162,8 @@ _i386_minidump_vatop_pae(kvm_t *kd, kvad
 
        if (va >= vm->hdr.kernbase) {
                pteindex = (va - vm->hdr.kernbase) >> I386_PAGE_SHIFT;
+               if (pteindex >= vm->hdr.ptesize / sizeof(*ptemap))
+                       goto invalid;
                pte = le64toh(ptemap[pteindex]);
                if ((pte & I386_PG_V) == 0) {
                        _kvm_err(kd, kd->program,
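Review bot: The check in `_i386_minidump_vatop_pae` runs after `(va - vm->hdr.kernbase) >> I386_PAGE_SHIFT` has already been stored in `pteindex`, so if `pteindex` is declared narrower than `kvaddr_t`, a very large `va` could be truncated into range before the comparison is made. The declaration is outside the hunk. If it is not already `kvaddr_t` or another type at least as wide as `va`, it should be, both here and in `_i386_minidump_vatop`, `_arm_minidump_kvatop` and `_mips_minidump_kvatop`.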
@@ -207,6 +209,8 @@ _i386_minidump_vatop(kvm_t *kd, kvaddr_t
 
        if (va >= vm->hdr.kernbase) {
                pteindex = (va - vm->hdr.kernbase) >> I386_PAGE_SHIFT;
+               if (pteindex >= vm->hdr.ptesize / sizeof(*ptemap))
+                       goto invalid;
                pte = le32toh(ptemap[pteindex]);
                if ((pte & I386_PG_V) == 0) {
                        _kvm_err(kd, kd->program,

Modified: head/lib/libkvm/kvm_minidump_mips.c
==============================================================================
--- head/lib/libkvm/kvm_minidump_mips.c Mon Jul 18 01:02:52 2016        
(r302974)
+++ head/lib/libkvm/kvm_minidump_mips.c Mon Jul 18 01:03:39 2016        
(r302975)
@@ -221,9 +221,13 @@ _mips_minidump_kvatop(kvm_t *kd, kvaddr_
        if (va >= vm->hdr.kernbase) {
                pteindex = (va - vm->hdr.kernbase) >> MIPS_PAGE_SHIFT;
                if (vm->pte_size == 64) {
+                       if (pteindex >= vm->hdr.ptesize / sizeof(*ptemap64))
+                               goto invalid;
                        pte = _kvm64toh(kd, ptemap64[pteindex]);
                        a = MIPS64_PTE_TO_PA(pte);
                } else {
+                       if (pteindex >= vm->hdr.ptesize / sizeof(*ptemap32))
+                               goto invalid;
                        pte = _kvm32toh(kd, ptemap32[pteindex]);
                        a = MIPS32_PTE_TO_PA(pte);
                }
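Review bot: The two guards in `_mips_minidump_kvatop` differ only in the element type, and with the arm and i386 hunks the same `pteindex >= vm->hdr.ptesize / sizeof(...)` expression now appears five times across three files. A small `static inline` helper that takes the index, the map size in bytes and the entry size, and returns whether the index is in range, would keep the bound in one place and make it harder for a future lookup path to omit it. The function continues outside the hunk.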