sys-freebsd/freebsd-sources/files/freebsd-sources-7.2-pipe.patch


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18

http://security.freebsd.org/advisories/FreeBSD-SA-09:09.pipe.asc

Index: sys/kern/sys_pipe.c
===================================================================
RCS file: /home/ncvs/src/sys/kern/sys_pipe.c,v
retrieving revision 1.201
diff -p -u -I__FBSDID -I$FreeBSD -r1.201 sys_pipe.c
--- sys/kern/sys_pipe.c	10 Mar 2009 21:28:43 -0000	1.201
+++ sys/kern/sys_pipe.c	5 Jun 2009 07:53:01 -0000
@@ -761,6 +761,8 @@ pipe_build_write_buffer(wpipe, uio)
 	pmap = vmspace_pmap(curproc->p_vmspace);
 	endaddr = round_page((vm_offset_t)uio->uio_iov->iov_base + size);
 	addr = trunc_page((vm_offset_t)uio->uio_iov->iov_base);
+	if (endaddr < addr)
+		return (EFAULT);
 	for (i = 0; addr < endaddr; addr += PAGE_SIZE, i++) {
 		/*
 		 * vm_fault_quick() can sleep.  Consequently,