From: deraadt
Date: Mon, 26 Oct 2015 11:17:52 +0000 (+0000)
Subject: If the system call is entirely unpermitted, code will be 0, and there is
X-Git-Url: http://artulab.com/gitweb/?a=commitdiff_plain;h=853c4e2e3010fd03c20c864f0733cee9cae3ffaa;p=openbsd
If the system call is entirely unpermitted, code will be 0, and there is no pledge to recommend.
---
diff --git a/sys/kern/kern_pledge.c b/sys/kern/kern_pledge.c
index 5632c9de725..6d8c74c9796 100644
--- a/sys/kern/kern_pledge.c
+++ b/sys/kern/kern_pledge.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: kern_pledge.c,v 1.77 2015/10/26 11:11:45 deraadt Exp $ */
+/* $OpenBSD: kern_pledge.c,v 1.78 2015/10/26 11:17:52 deraadt Exp $ */

 /*
 * Copyright (c) 2015 Nicholas Marriott
@@ -502,14 +502,17 @@ pledge_check(struct proc *p, int code, int *tval)
 int
 pledge_fail(struct proc *p, int error, int code)
 {
+ char *codes = "";
 int i;

 /* Print first matching pledge */
- for (i = 0; pledgenames[i].bits != 0; i++)
- if (pledgenames[i].bits & code)
+ for (i = 0; code && pledgenames[i].bits != 0; i++)
+ if (pledgenames[i].bits & code) {
+ codes = pledgenames[i].name;
 break;
+ }
 printf("%s(%d): syscall %d \"%s\"\n", p->p_comm, p->p_pid,
- p->p_pledge_syscall, pledgenames[i].name);
+ p->p_pledge_syscall, codes);
 #ifdef KTRACE
 ktrpledge(p, error, code, p->p_pledge_syscall);
 #endif
diff --git a/usr.bin/kdump/kdump.c b/usr.bin/kdump/kdump.c
index 3dd62d94a80..ec0f3204e2a 100644
--- a/usr.bin/kdump/kdump.c
+++ b/usr.bin/kdump/kdump.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: kdump.c,v 1.117 2015/10/25 20:39:54 deraadt Exp $ */
+/* $OpenBSD: kdump.c,v 1.118 2015/10/26 11:17:52 deraadt Exp $ */

 /*-
 * Copyright (c) 1988, 1993
@@ -1441,6 +1441,7 @@ ktrexec(const char *ptr, size_t len)
 static void
 ktrpledge(struct ktr_pledge *pledge, size_t len)
 {
+ char *name = "";
 int i;

 if (len < sizeof(struct ktr_pledge))
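Review bot: In the pledge_fail hunk of sys/kern/kern_pledge.c, `codes` is declared `char *` although it only ever points at the literal `""` or at a table entry's name, so it should be `const char *codes = "";` to stop an accidental write through it from compiling. The same applies to `name` in the ktrpledge hunk of usr.bin/kdump/kdump.c (`const char *name = "";`). The declared type of `pledgenames[].name` is not visible in these hunks, so this assumes nothing writes through that field. The existing comment `/* Print first matching pledge */` could also say that an empty name is printed when `code` is 0 or no entry matches. pledge_fail continues past the end of the hunk.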
@@ -1451,12 +1452,13 @@ ktrpledge(struct ktr_pledge *pledge, size_t len)
 else
 (void)printf("%s", current->sysnames[pledge->syscall]);
 printf(", ");
- for (i = 0; pledgenames[i].bits != 0; i++) {
+ for (i = 0; pledge->code && pledgenames[i].bits != 0; i++) {
 if (pledgenames[i].bits & pledge->code) {
- printf("\"%s\"", pledgenames[i].name);
+ name = pledgenames[i].name;
 break;
 }
 }
+ printf("\"%s\"", name);
 (void)printf(", errno %d", pledge->error);
 if (fancy)
 (void)printf(" %s", strerror(pledge->error));
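Review bot: The empty name now printed by `printf("\"%s\"", name);` has two different causes that a reader of the trace cannot tell apart: `pledge->code` is 0 (per the commit message, the syscall is entirely unpermitted), or the code has bits that match no `pledgenames` entry. A short comment above the loop would record the intent, for example `/* code 0: no promise permits this syscall, print an empty name */`. Since kdump decodes records from a trace file, the unmatched-bits case is presumably reachable with a dump written by a different kernel version or a damaged file, so the comment could mention that as well. ktrpledge starts before this hunk and continues after it.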