[src/trunk]: src/sys/arch/vax/vax Bogus context pointer sent to sigreturn() m...

[ragge <ragge%NetBSD.org@localhost>]

details:   https://anonhg.NetBSD.org/src/rev/e9646dbd3b76
branches:  trunk
changeset: 480590:e9646dbd3b76
user:      ragge <ragge%NetBSD.org@localhost>
date:      Sun Jan 16 12:43:52 2000 +0000

description:
Bogus context pointer sent to sigreturn() may crash the machine.
Bug found by der Mouse.

diffstat:

 sys/arch/vax/vax/machdep.c |  6 +++++-
 1 files changed, 5 insertions(+), 1 deletions(-)

diffs (27 lines):

diff -r 9222cb4fe9fb -r e9646dbd3b76 sys/arch/vax/vax/machdep.c
--- a/sys/arch/vax/vax/machdep.c        Sun Jan 16 12:22:56 2000 +0000
+++ b/sys/arch/vax/vax/machdep.c        Sun Jan 16 12:43:52 2000 +0000
@@ -1,4 +1,4 @@
-/* $NetBSD: machdep.c,v 1.91 1999/12/11 17:51:34 ragge Exp $    */
+/* $NetBSD: machdep.c,v 1.92 2000/01/16 12:43:52 ragge Exp $    */
 
 /*
  * Copyright (c) 1994, 1998 Ludd, University of Lule}, Sweden.
@@ -347,6 +347,8 @@
 
        scf = p->p_addr->u_pcb.framep;
        cntx = SCARG(uap, sigcntxp);
+       if (uvm_useracc((caddr_t)cntx, sizeof (*cntx), B_READ) == 0)
+               return EINVAL;
 
        /* Compatibility mode? */
        if ((cntx->sc_ps & (PSL_IPL | PSL_IS)) ||
@@ -386,6 +388,8 @@
        scf = p->p_addr->u_pcb.framep;
        cntx = SCARG(uap, sigcntxp);
 
+       if (uvm_useracc((caddr_t)cntx, sizeof (*cntx), B_READ) == 0)
+               return EINVAL;
        /* Compatibility mode? */
        if ((cntx->sc_ps & (PSL_IPL | PSL_IS)) ||
            ((cntx->sc_ps & (PSL_U | PSL_PREVU)) != (PSL_U | PSL_PREVU)) ||