From 576415f8dd98121f5e58f4fb2121d3c655f6f06f Mon Sep 17 00:00:00 2001 From: glebius Date: Wed, 16 Mar 2016 22:36:02 +0000 Subject: [PATCH] Merge r296956: Due to invalid use of a signed intermediate value in the bounds checking during argument validity verification, unbound zero'ing of the process LDT and adjacent memory can be initiated from usermode. Submitted by: CORE Security Patch by: kib Security: SA-16:15 git-svn-id: svn://svn.freebsd.org/base/stable/9@296958 ccf9f872-aa2e-dd11-9fc8-001c23d0bc1f --- sys/amd64/amd64/sys_machdep.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/sys/amd64/amd64/sys_machdep.c b/sys/amd64/amd64/sys_machdep.c index a9e7a895d..cb2b31e8c 100644 --- a/sys/amd64/amd64/sys_machdep.c +++ b/sys/amd64/amd64/sys_machdep.c @@ -586,8 +586,8 @@ amd64_set_ldt(td, uap, descs) struct i386_ldt_args *uap; struct user_segment_descriptor *descs; { - int error = 0, i; - int largest_ld; + int error = 0; + unsigned int largest_ld, i; struct mdproc *mdp = &td->td_proc->p_md; struct proc_ldt *pldt; struct user_segment_descriptor *dp; -- 2.45.0