From fcfc1f2647c68bd8c9776e9e7f3a48cdab96126c Mon Sep 17 00:00:00 2001
From: nectar
Date: Sun, 10 Aug 2003 23:17:49 +0000
Subject: [PATCH] MFC sys_process.c 1.113, spigot.c 1.60: Add or correct range checking of signal numbers in system calls and ioctls. MFC kern_sig.c 1.257: panic() if we try to handle an out-of-range signal number in psignal()/ tdsignal().
---
 UPDATING | 11 +++++++++++
 sys/conf/newvers.sh | 2 +-
 sys/i386/isa/spigot.c | 2 ++
 sys/kern/kern_sig.c | 7 +++++--
 sys/kern/sys_process.c | 4 ++--
 5 files changed, 21 insertions(+), 5 deletions(-)
diff --git a/UPDATING b/UPDATING
index 7609846986d2c5..c780f9cece518e 100644
--- a/UPDATING
+++ b/UPDATING
@@ -4,6 +4,17 @@ This file is maintained and copyrighted by M. Warner Losh . See end of file for further details. For commonly done items, please see the COMMON ITEMS: section later in the file.
+This is for the 5.1 release branch. All entries since 5.0 are an
+itemized list of commits to this branch, numbered from the beginning.
+
+The security advisories related to various patches contain information
+on how to build/install a minimal set of binaries and start/stop a
+minimal number of processes, if possible, for that patch. For those
+updates that don't have an advisory, or to be safe, you can do a full
+build and install as described in the COMMON ITEMS section.
+
+20030810: p1 FreeBSD-SA-03:09.signal
+ Repair range-checking errors in signal handling.
 20030603: FreeBSD 5.1
diff --git a/sys/conf/newvers.sh b/sys/conf/newvers.sh
index b82d65045a7c00..4ccb98e2dd1653 100644
--- a/sys/conf/newvers.sh
+++ b/sys/conf/newvers.sh
@@ -36,7 +36,7 @@
 TYPE="FreeBSD"
 REVISION="5.1"
-BRANCH="RELEASE"
+BRANCH="RELEASE-p1"
 RELEASE="${REVISION}-${BRANCH}"
 VERSION="${TYPE} ${RELEASE}"
diff --git a/sys/i386/isa/spigot.c b/sys/i386/isa/spigot.c
index 2cbdc39c062dd4..bf37b90dc270f0 100644
--- a/sys/i386/isa/spigot.c
+++ b/sys/i386/isa/spigot.c
@@ -222,6 +222,8 @@ struct spigot_info *info;
 if(!data) return(EINVAL);
 switch(cmd){
 case SPIGOT_SETINT:
+ if (*(int *)data < 0 || *(int *)data > _SIG_MAXSIG)
+ return EINVAL;
 ss->p = td->td_proc;
 ss->signal_num = *((int *)data);
 break;
diff --git a/sys/kern/kern_sig.c b/sys/kern/kern_sig.c
index ef4948f48a5661..3dfa19f74be5ad 100644
--- a/sys/kern/kern_sig.c
+++ b/sys/kern/kern_sig.c
@@ -1534,6 +1534,9 @@ psignal(struct proc *p, int sig)
 struct thread *td;
 int prop;
+ if (!_SIG_VALID(sig))
+ panic("psignal(): invalid signal");
+
 PROC_LOCK_ASSERT(p, MA_OWNED);
 prop = sigprop(sig);
@@ -1558,8 +1561,8 @@ tdsignal(struct thread *td, int sig)
 register int prop;
 struct sigacts *ps;
- KASSERT(_SIG_VALID(sig),
- ("tdsignal(): invalid signal %d\n", sig));
+ if (!_SIG_VALID(sig))
+ panic("do_tdsignal(): invalid signal");
 p = td->td_proc;
 ps = p->p_sigacts;
diff --git a/sys/kern/sys_process.c b/sys/kern/sys_process.c
index c281cee6fe9c12..eea0db92037470 100644
--- a/sys/kern/sys_process.c
+++ b/sys/kern/sys_process.c
@@ -549,8 +549,8 @@ kern_ptrace(struct thread *td, int req, pid_t pid, void *addr, int data)
 case PT_STEP:
 case PT_CONTINUE:
 case PT_DETACH:
- /* XXX data is used even in the PT_STEP case. */
- if (req != PT_STEP && (unsigned)data > _SIG_MAXSIG) {
+ /* Zero means do not send any signal */
+ if (data < 0 || data > _SIG_MAXSIG) {
 error = EINVAL;
 goto fail;
 }
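Review bot: In sys/i386/isa/spigot.c the new SPIGOT_SETINT check still accepts 0, a value that FreeBSD's `_SIG_VALID()` rejects, and this same commit makes psignal() panic on any signal failing `_SIG_VALID()`. If 0 is meant as "no signal", say so beside the check, e.g. `/* 0 disables delivery; the interrupt path must not hand it to psignal() */`. The code that later consumes `ss->signal_num` is outside this hunk, so confirm it skips zero. The value is also read through `*(int *)data` three times; copying it into a local once and storing that local would make it plain that the checked value is the stored value. The switch and its enclosing function continue outside the hunk.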
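Review bot: The panic string added to psignal() in sys/kern/kern_sig.c omits the offending signal number, and so does the one added to tdsignal() in the next hunk, although the KASSERT removed there printed it with `%d`. A panic here means some caller's validation was missed, so the value is the first thing needed to trace it: `panic("psignal(): invalid signal %d", sig);`. A short comment above the check, stating that any path taking a signal number from userland must range-check it before calling, would document the contract this check enforces. psignal()'s body continues outside the hunk.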
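Review bot: The panic message in the second kern_sig.c hunk names `do_tdsignal()`, but the hunk header shows the enclosing function is tdsignal(), and the removed KASSERT said `tdsignal()`. Someone reading the panic on this branch would be pointed at a function name that may not exist here. `panic("tdsignal(): invalid signal %d", sig);` matches the function and keeps the signal number the old assertion reported. The function body continues outside the hunk.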
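Review bot: In kern_ptrace() (sys/kern/sys_process.c) the range check now covers PT_STEP as well, which the old condition exempted with `req != PT_STEP &&`, so a tracer passing an arbitrary `data` with PT_STEP will now get EINVAL. The new comment explains only the zero case. Something like `/* data is the signal to deliver on resume (0 = none); also enforced for PT_STEP */` would record the behaviour change at the point where it is enforced. The switch continues outside the hunk.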