aboutsummaryrefslogtreecommitdiffstats
path: root/arch/x86_64/kernel/ptrace.c
diff options
context:
space:
mode:
authorAndi Kleen <ak@suse.de>2005-05-20 17:27:56 -0400
committerLinus Torvalds <torvalds@ppc970.osdl.org>2005-05-20 18:48:20 -0400
commitc4d1fcf3a2ea89b6d6221fa8b4588c77aff50995 (patch)
treedd102e8f2e67231b91055830b689f203aefdb6cb /arch/x86_64/kernel/ptrace.c
parentb41e29398a873945d02e0009ce7e57608fdb4042 (diff)
[PATCH] x86_64: Don't allow accesses below register frame in ptrace
There was a "off by one quad word" error in there. I don't think it is exploitable because it will only store into a unused area, but better to plug it. Found and fixed by John Blackwood Signed-off-by: Andi Kleen <ak@suse.de> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
Diffstat (limited to 'arch/x86_64/kernel/ptrace.c')
-rw-r--r--arch/x86_64/kernel/ptrace.c4
1 files changed, 2 insertions, 2 deletions
diff --git a/arch/x86_64/kernel/ptrace.c b/arch/x86_64/kernel/ptrace.c
index 60dc9b98951d..525f6a128a27 100644
--- a/arch/x86_64/kernel/ptrace.c
+++ b/arch/x86_64/kernel/ptrace.c
@@ -380,7 +380,7 @@ asmlinkage long sys_ptrace(long request, long pid, unsigned long addr, long data
380 break; 380 break;
381 381
382 switch (addr) { 382 switch (addr) {
383 case 0 ... sizeof(struct user_regs_struct): 383 case 0 ... sizeof(struct user_regs_struct) - sizeof(long):
384 tmp = getreg(child, addr); 384 tmp = getreg(child, addr);
385 break; 385 break;
386 case offsetof(struct user, u_debugreg[0]): 386 case offsetof(struct user, u_debugreg[0]):
@@ -425,7 +425,7 @@ asmlinkage long sys_ptrace(long request, long pid, unsigned long addr, long data
425 break; 425 break;
426 426
427 switch (addr) { 427 switch (addr) {
428 case 0 ... sizeof(struct user_regs_struct): 428 case 0 ... sizeof(struct user_regs_struct) - sizeof(long):
429 ret = putreg(child, addr, data); 429 ret = putreg(child, addr, data);
430 break; 430 break;
431 /* Disallows to set a breakpoint into the vsyscall */ 431 /* Disallows to set a breakpoint into the vsyscall */