[PATCH] x86_64: Don't allow accesses below register frame in ptrace

There was a "off by one quad word" error in there. I don't think it is exploitable because it will only store into a unused area, but better to plug it. Found and fixed by John Blackwood Signed-off-by: Andi Kleen <ak@suse.de> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
author: Andi Kleen <ak@suse.de> 2005-05-20 17:27:56 -0400
committer: Linus Torvalds <torvalds@ppc970.osdl.org> 2005-05-20 18:48:20 -0400
commit: c4d1fcf3a2ea89b6d6221fa8b4588c77aff50995 (patch)
tree: dd102e8f2e67231b91055830b689f203aefdb6cb
parent: b41e29398a873945d02e0009ce7e57608fdb4042 (diff)
1 files changed, 2 insertions, 2 deletions
diff --git a/arch/x86_64/kernel/ptrace.c b/arch/x86_64/kernel/ptrace.c
index 60dc9b98951d..525f6a128a27 100644
--- a/arch/x86_64/kernel/ptrace.c
+++ b/arch/x86_64/kernel/ptrace.c
@@ -380,7 +380,7 @@ asmlinkage long sys_ptrace(long request, long pid, unsigned long addr, long data
                        break;
                switch (addr) { 
-                case 0 ... sizeof(struct user_regs_struct):
+                case 0 ... sizeof(struct user_regs_struct) - sizeof(long):
                        tmp = getreg(child, addr);
                        break;
                case offsetof(struct user, u_debugreg[0]):
@@ -425,7 +425,7 @@ asmlinkage long sys_ptrace(long request, long pid, unsigned long addr, long data
                        break;
                switch (addr) { 
-                case 0 ... sizeof(struct user_regs_struct): 
+                case 0 ... sizeof(struct user_regs_struct) - sizeof(long):
                        ret = putreg(child, addr, data);
                        break;
                /* Disallows to set a breakpoint into the vsyscall */
author	Andi Kleen <ak@suse.de>	2005-05-20 17:27:56 -0400
committer	Linus Torvalds <torvalds@ppc970.osdl.org>	2005-05-20 18:48:20 -0400
commit	c4d1fcf3a2ea89b6d6221fa8b4588c77aff50995 (patch)
tree	dd102e8f2e67231b91055830b689f203aefdb6cb
parent	b41e29398a873945d02e0009ce7e57608fdb4042 (diff)

diff --git a/arch/x86_64/kernel/ptrace.c b/arch/x86_64/kernel/ptrace.c index 60dc9b98951d..525f6a128a27 100644 --- a/arch/x86_64/kernel/ptrace.c +++ b/arch/x86_64/kernel/ptrace.c
@@ -380,7 +380,7 @@ asmlinkage long sys_ptrace(long request, long pid, unsigned long addr, long data
380	break;	380	break;
381		381
382	switch (addr) {	382	switch (addr) {
383	case 0 ... sizeof(struct user_regs_struct):	383	case 0 ... sizeof(struct user_regs_struct) - sizeof(long):
384	tmp = getreg(child, addr);	384	tmp = getreg(child, addr);
385	break;	385	break;
386	case offsetof(struct user, u_debugreg[0]):	386	case offsetof(struct user, u_debugreg[0]):
@@ -425,7 +425,7 @@ asmlinkage long sys_ptrace(long request, long pid, unsigned long addr, long data
425	break;	425	break;
426		426
427	switch (addr) {	427	switch (addr) {
428	case 0 ... sizeof(struct user_regs_struct):	428	case 0 ... sizeof(struct user_regs_struct) - sizeof(long):
429	ret = putreg(child, addr, data);	429	ret = putreg(child, addr, data);
430	break;	430	break;
431	/* Disallows to set a breakpoint into the vsyscall */	431	/* Disallows to set a breakpoint into the vsyscall */