From d25c879dc55dcc6a477fdce1c75382afec7596b8 Mon Sep 17 00:00:00 2001
From: Greg McGary <greg@mcgary.org>
Date: Thu, 27 Jul 2000 06:25:28 +0000
Subject: * sysdeps/gnu/bits/msq.h: Qualify kernel's

data structure pointers as __unbounded.
* sysdeps/unix/sysv/linux/mips/bits/shm.h: Likewise.
* sysdeps/generic/bp-semctl.h: New file.
* sysdeps/unix/sysv/linux/msgctl.c: Qualify kernel's data structure
pointers as __unbounded.  Check bounds of syscall args.
* sysdeps/unix/sysv/linux/msgrcv.c: Likewise.
* sysdeps/unix/sysv/linux/msgsnd.c: Likewise.
* sysdeps/unix/sysv/linux/semctl.c: Likewise.
* sysdeps/unix/sysv/linux/semop.c: Likewise.
* sysdeps/unix/sysv/linux/shmat.c: Likewise.
* sysdeps/unix/sysv/linux/shmctl.c: Likewise.
* sysdeps/unix/sysv/linux/shmdt.c: Likewise.
* sysdeps/unix/sysv/linux/alpha/msgctl.c: Likewise.
* sysdeps/unix/sysv/linux/alpha/semctl.c: Likewise.
* sysdeps/unix/sysv/linux/alpha/shmctl.c: Likewise.
* sysdeps/unix/sysv/linux/i386/msgctl.c: Likewise.
* sysdeps/unix/sysv/linux/i386/semctl.c: Likewise.
* sysdeps/unix/sysv/linux/i386/shmctl.c: Likewise.
* sysdeps/unix/sysv/linux/sparc/sparc64/msgctl.c: Likewise.
* sysdeps/unix/sysv/linux/sparc/sparc64/semctl.c: Likewise.
* sysdeps/unix/sysv/linux/sparc/sparc64/shmctl.c: Likewise.
2000-07-26  Greg McGary  <greg@mcgary.org>

	* sysdeps/gnu/bits/msq.h: Qualify kernel's
	data structure pointers as __unbounded.
	* sysdeps/unix/sysv/linux/mips/bits/shm.h: Likewise.
	* sysdeps/generic/bp-semctl.h: New file.
	* sysdeps/unix/sysv/linux/msgctl.c: Qualify kernel's data structure
	pointers as __unbounded.  Check bounds of syscall args.
	* sysdeps/unix/sysv/linux/msgrcv.c: Likewise.
	* sysdeps/unix/sysv/linux/msgsnd.c: Likewise.
	* sysdeps/unix/sysv/linux/semctl.c: Likewise.
	* sysdeps/unix/sysv/linux/semop.c: Likewise.
	* sysdeps/unix/sysv/linux/shmat.c: Likewise.
	* sysdeps/unix/sysv/linux/shmctl.c: Likewise.
	* sysdeps/unix/sysv/linux/shmdt.c: Likewise.
	* sysdeps/unix/sysv/linux/alpha/msgctl.c: Likewise.
	* sysdeps/unix/sysv/linux/alpha/semctl.c: Likewise.
	* sysdeps/unix/sysv/linux/alpha/shmctl.c: Likewise.
	* sysdeps/unix/sysv/linux/i386/msgctl.c: Likewise.
	* sysdeps/unix/sysv/linux/i386/semctl.c: Likewise.
	* sysdeps/unix/sysv/linux/i386/shmctl.c: Likewise.
	* sysdeps/unix/sysv/linux/sparc/sparc64/msgctl.c: Likewise.
	* sysdeps/unix/sysv/linux/sparc/sparc64/semctl.c: Likewise.
	* sysdeps/unix/sysv/linux/sparc/sparc64/shmctl.c: Likewise.
---
 sysdeps/unix/sysv/linux/semctl.c | 30 +++++++++++++++++++-----------
 1 file changed, 19 insertions(+), 11 deletions(-)

(limited to 'sysdeps/unix/sysv/linux/semctl.c')

diff --git a/sysdeps/unix/sysv/linux/semctl.c b/sysdeps/unix/sysv/linux/semctl.c
index 7ea8ee6c39..0d64b95dba 100644
--- a/sysdeps/unix/sysv/linux/semctl.c
+++ b/sysdeps/unix/sysv/linux/semctl.c
@@ -34,10 +34,10 @@ struct __old_semid_ds
   struct __old_ipc_perm sem_perm;	/* operation permission struct */
   __time_t sem_otime;			/* last semop() time */
   __time_t sem_ctime;			/* last time changed by semctl() */
-  struct sem *__sembase;		/* ptr to first semaphore in array */
-  struct sem_queue *__sem_pending;	/* pending operations */
-  struct sem_queue *__sem_pending_last; /* last pending operation */
-  struct sem_undo *__undo;		/* ondo requests on this array */
+  struct sem *__unbounded __sembase;	/* ptr to first semaphore in array */
+  struct sem_queue *__unbounded __sem_pending; /* pending operations */
+  struct sem_queue *__unbounded __sem_pending_last; /* last pending operation */
+  struct sem_undo *__unbounded __undo;	/* ondo requests on this array */
   unsigned short int sem_nsems;		/* number of semaphores in set */
 };
 
@@ -50,6 +50,8 @@ union semun
   struct seminfo *__buf;	/* buffer for IPC_INFO */
 };
 
+#include <bp-checks.h>
+#include <bp-semctl.h>		/* definition of CHECK_SEMCTL needs union semum */
 
 /* Return identifier for array of NSEMS semaphores associated with
    KEY.  */
@@ -72,7 +74,8 @@ __old_semctl (int semid, int semnum, int cmd, ...)
 
   va_end (ap);
 
-  return INLINE_SYSCALL (ipc, 5, IPCOP_semctl, semid, semnum, cmd, &arg);
+  return INLINE_SYSCALL (ipc, 5, IPCOP_semctl, semid, semnum, cmd,
+			 CHECK_SEMCTL (&arg, semid, cmd));
 }
 compat_symbol (libc, __old_semctl, semctl, GLIBC_2_0);
 #endif
@@ -91,16 +94,19 @@ __new_semctl (int semid, int semnum, int cmd, ...)
   va_end (ap);
 
 #if __ASSUME_32BITUIDS > 0
-  return INLINE_SYSCALL (ipc, 5, IPCOP_semctl, semid, semnum, cmd | __IPC_64, &arg);
+  return INLINE_SYSCALL (ipc, 5, IPCOP_semctl, semid, semnum, cmd | __IPC_64,
+			 CHECK_SEMCTL (&arg, semid, cmd | __IPC_64));
 #else
-  switch (cmd) {
+  switch (cmd)
+    {
     case SEM_STAT:
     case IPC_STAT:
     case IPC_SET:
       break;
     default:
-      return INLINE_SYSCALL (ipc, 5, IPCOP_semctl, semid, semnum, cmd, &arg);
-  }
+      return INLINE_SYSCALL (ipc, 5, IPCOP_semctl, semid, semnum, cmd,
+			     CHECK_SEMCTL (&arg, semid, cmd));
+    }
 
   {
     int save_errno = errno, result;
@@ -109,7 +115,8 @@ __new_semctl (int semid, int semnum, int cmd, ...)
 
     /* Unfortunately there is no way how to find out for sure whether
        we should use old or new semctl.  */
-    result = INLINE_SYSCALL (ipc, 5, IPCOP_semctl, semid, semnum, cmd | __IPC_64, &arg);
+    result = INLINE_SYSCALL (ipc, 5, IPCOP_semctl, semid, semnum, cmd | __IPC_64,
+			     CHECK_SEMCTL (&arg, semid, cmd | __IPC_64));
     if (result != -1 || errno != EINVAL)
       return result;
 
@@ -128,7 +135,8 @@ __new_semctl (int semid, int semnum, int cmd, ...)
 	    return -1;
 	  }
       }
-    result = INLINE_SYSCALL (ipc, 5, IPCOP_semctl, semid, semnum, cmd, &arg);
+    result = INLINE_SYSCALL (ipc, 5, IPCOP_semctl, semid, semnum, cmd,
+			     CHECK_SEMCTL (&arg, semid, cmd));
     if (result != -1 && cmd != IPC_SET)
       {
 	memset(buf, 0, sizeof(*buf));
-- 
cgit 1.4.1