From 57f6e939d6e7768643714c829363a824842196f4 Mon Sep 17 00:00:00 2001
From: glebius <glebius@ccf9f872-aa2e-dd11-9fc8-001c23d0bc1f>
Date: Wed, 16 Mar 2016 22:46:57 +0000
Subject: [PATCH] Merge r296956:

  Due to invalid use of a signed intermediate value in the bounds checking
  during argument validity verification, unbound zero'ing of the process LDT
  and adjacent memory can be initiated from usermode.

Submitted by:   CORE Security
Patch by:       kib
Security:       SA-16:15
Approved by:	re (implicit)


git-svn-id: svn://svn.freebsd.org/base/releng/10.3@296959 ccf9f872-aa2e-dd11-9fc8-001c23d0bc1f
---
 sys/amd64/amd64/sys_machdep.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/sys/amd64/amd64/sys_machdep.c b/sys/amd64/amd64/sys_machdep.c
index 98d47b867..ff3bd3edc 100644
--- a/sys/amd64/amd64/sys_machdep.c
+++ b/sys/amd64/amd64/sys_machdep.c
@@ -591,8 +591,8 @@ amd64_set_ldt(td, uap, descs)
 	struct i386_ldt_args *uap;
 	struct user_segment_descriptor *descs;
 {
-	int error = 0, i;
-	int largest_ld;
+	int error = 0;
+	unsigned int largest_ld, i;
 	struct mdproc *mdp = &td->td_proc->p_md;
 	struct proc_ldt *pldt;
 	struct user_segment_descriptor *dp;
-- 
2.42.0