authorderaadt <deraadt@openbsd.org>2001-01-19 18:31:30 +0000
committerderaadt <deraadt@openbsd.org>2001-01-19 18:31:30 +0000
commitf956c2d192a1a0a59caa9b1235068f95ced9f34e (patch)
treef254760784472f011c4ac932e7d61b40b28f3095
parentas the rest of our systems, make the most common key return ^? not ^H; agreed with aaron (diff)
validate gate targets; sommerfeld, mycroft
-rw-r--r--sys/arch/i386/i386/sys_machdep.c11
1 files changed, 11 insertions, 0 deletions
diff --git a/sys/arch/i386/i386/sys_machdep.c b/sys/arch/i386/i386/sys_machdep.c
index b4bba0601c2..b1fb6877cfc 100644
--- a/sys/arch/i386/i386/sys_machdep.c
+++ b/sys/arch/i386/i386/sys_machdep.c
@@ -240,6 +240,17 @@ i386_set_ldt(p, args, retval)
break;
case SDT_SYS286CGT:
case SDT_SYS386CGT:
+ /*
+ * Only allow call gates targeting a segment
+ * in the LDT or a user segment in the fixed
+ * part of the gdt. Segments in the LDT are
+ * constrained (below) to be user segments.
+ */
+ if (desc.gd.gd_p != 0 && !ISLDT(desc.gd.gd_selector) &&
+ ((IDXSEL(desc.gd.gd_selector) >= NGDT) ||
+ (gdt[IDXSEL(desc.gd.gd_selector)].sd.sd_dpl !=
+ SEL_UPL)))
+ return (EACCES);
/* Can't replace in use descriptor with gate. */
if (n == fsslot || n == gsslot)
return (EBUSY);
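Review bot: The added guard in the `SDT_SYS286CGT`/`SDT_SYS386CGT` case skips validation whenever `desc.gd.gd_p` is 0, and the comment above it does not say why that exemption is safe. If the reasoning is that a not-present gate faults on use and can only be made present by passing through this same check again, a line such as `/* Not-present gates cannot be called, so their target is not checked. */` would record it. The LDT branch depends on the "constrained (below)" check, which lies outside this hunk, so it is worth confirming that it covers every descriptor a gate can point at. The fixed-GDT test compares only `sd_dpl` with `SEL_UPL`; presumably the processor's own type check rejects non-code targets at call time, and the comment could say so. The body of i386_set_ldt begins and ends outside the hunk.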