Prevent silly states via knotes on pids > 2^32 and on nonexistent signals.

ok tedu@

diff --git a/regress/sys/kern/kqueue/kqueue-process.c b/regress/sys/kern/kqueue/kqueue-process.c
index d62b269..a579445 100644 (file)
--- a/regress/sys/kern/kqueue/kqueue-process.c
+++ b/regress/sys/kern/kqueue/kqueue-process.c
@@ -1,4 +1,4 @@
-/*     $OpenBSD: kqueue-process.c,v 1.9 2016/03/17 19:40:43 krw Exp $  */
+/*     $OpenBSD: kqueue-process.c,v 1.10 2016/07/14 05:55:08 guenther Exp $    */
 /*
  *     Written by Artur Grabowski <art@openbsd.org> 2002 Public Domain
  */
@@ -10,6 +10,7 @@
 #include <stdlib.h>
 #include <stdio.h>
 #include <err.h>
+#include <errno.h>
 #include <unistd.h>
 #include <signal.h>
 
@@ -65,6 +66,14 @@ do_process(void)
        ASS(kevent(kq, &ke, 1, NULL, 0, NULL) == 0,
            warn("can't register events on kqueue"));
 
+       /* negative case */
+       EV_SET(&ke, pid + (1ULL << 32), EVFILT_PROC, EV_ADD|EV_ENABLE|EV_CLEAR,
+           NOTE_EXIT|NOTE_FORK|NOTE_EXEC|NOTE_TRACK, 0, NULL);
+       ASS(kevent(kq, &ke, 1, NULL, 0, NULL) != 0,
+           warnx("can register bogus pid on kqueue"));
+       ASS(errno == ESRCH,
+           warn("register bogus pid on kqueue returned wrong error"));
+
        kill(pid, SIGUSR1);     /* sync 1 */
 
        didfork = didchild = 0;

diff --git a/regress/sys/kern/kqueue/kqueue-signal.c b/regress/sys/kern/kqueue/kqueue-signal.c
index 0ad7b70..9798096 100644 (file)
--- a/regress/sys/kern/kqueue/kqueue-signal.c
+++ b/regress/sys/kern/kqueue/kqueue-signal.c
@@ -1,4 +1,4 @@
-/*     $OpenBSD: kqueue-signal.c,v 1.1 2011/07/07 02:00:51 guenther Exp $      */
+/*     $OpenBSD: kqueue-signal.c,v 1.2 2016/07/14 05:55:08 guenther Exp $      */
 /*
  *     Written by Philip Guenther <guenther@openbsd.org> 2011 Public Domain
  */
@@ -71,6 +71,12 @@ do_signal(void)
        ASS(kevent(kq, &ke, 1, NULL, 0, NULL) == 0,
            warn("can't register events on kqueue"));
 
+       EV_SET(&ke, 10000, EVFILT_SIGNAL, EV_ADD|EV_ENABLE, 0, 0, NULL);
+       ASS(kevent(kq, &ke, 1, NULL, 0, NULL) != 0,
+           warnx("registered bogus signal on kqueue"));
+       ASS(errno == EINVAL,
+           warn("registering bogus signal on kqueue returned wrong error"));
+
        ASSX(saw_usr1 == 0);
        kill(pid, SIGUSR1);
        ASSX(saw_usr1 == 1);

diff --git a/sys/kern/kern_event.c b/sys/kern/kern_event.c
index 3010c19..b5ba920 100644 (file)
--- a/sys/kern/kern_event.c
+++ b/sys/kern/kern_event.c
@@ -1,4 +1,4 @@
-/*     $OpenBSD: kern_event.c,v 1.73 2016/07/14 02:35:17 tedu Exp $    */
+/*     $OpenBSD: kern_event.c,v 1.74 2016/07/14 05:55:08 guenther Exp $        */
 
 /*-
  * Copyright (c) 1999,2000,2001 Jonathan Lemon <jlemon@FreeBSD.org>
@@ -216,6 +216,9 @@ filt_procattach(struct knote *kn)
            (curproc->p_p->ps_pledge & PLEDGE_PROC) == 0)
                return pledge_fail(curproc, EPERM, PLEDGE_PROC);
 
+       if (kn->kn_id > PID_MAX)
+               return ESRCH;
+
        pr = prfind(kn->kn_id);
        if (pr == NULL)
                return (ESRCH);

diff --git a/sys/kern/kern_sig.c b/sys/kern/kern_sig.c
index 0d9eb78..374e58d 100644 (file)
--- a/sys/kern/kern_sig.c
+++ b/sys/kern/kern_sig.c
@@ -1,4 +1,4 @@
-/*     $OpenBSD: kern_sig.c,v 1.201 2016/07/06 15:53:01 tedu Exp $     */
+/*     $OpenBSD: kern_sig.c,v 1.202 2016/07/14 05:55:08 guenther Exp $ */
 /*     $NetBSD: kern_sig.c,v 1.54 1996/04/22 01:38:32 christos Exp $   */
 
 /*
@@ -1824,6 +1824,9 @@ filt_sigattach(struct knote *kn)
 {
        struct process *pr = curproc->p_p;
 
+       if (kn->kn_id >= NSIG)
+               return EINVAL;
+
        kn->kn_ptr.p_process = pr;
        kn->kn_flags |= EV_CLEAR;               /* automatically set */