]> git.saurik.com Git - apple/xnu.git/blobdiff - osfmk/i386/user_ldt.c
xnu-4570.71.2.tar.gz
[apple/xnu.git] / osfmk / i386 / user_ldt.c
index 8b57914558b3924c89ef073b3a9ccf1ff4147c7e..35dd2cef786250a813c63b76ef44612c0a45efd7 100644 (file)
@@ -224,7 +224,6 @@ i386_set_ldt(
            } else {
                bzero(&new_ldt->ldt[start_sel - begin_sel], num_sels * sizeof(struct real_descriptor));
            }
            } else {
                bzero(&new_ldt->ldt[start_sel - begin_sel], num_sels * sizeof(struct real_descriptor));
            }
-
            /*
             * Validate descriptors.
             * Only allow descriptors with user privileges.
            /*
             * Validate descriptors.
             * Only allow descriptors with user privileges.
@@ -253,6 +252,12 @@ i386_set_ldt(
                        user_ldt_free(new_ldt);
                        return EACCES;
                }
                        user_ldt_free(new_ldt);
                        return EACCES;
                }
+               /* Reject attempts to create segments with 64-bit granules */
+               if (dp->granularity & SZ_64) {
+                       task_unlock(task);
+                       user_ldt_free(new_ldt);
+                       return EACCES;
+               }
            }
        }
 
            }
        }
 
@@ -292,9 +297,9 @@ i386_get_ldt(
        unsigned int    ldt_count;
        kern_return_t   err;
 
        unsigned int    ldt_count;
        kern_return_t   err;
 
-       if (start_sel >= 8192)
+       if (start_sel >= LDTSZ)
            return EINVAL;
            return EINVAL;
-       if ((uint64_t)start_sel + (uint64_t)num_sels > 8192)
+       if ((uint64_t)start_sel + (uint64_t)num_sels > LDTSZ)
            return EINVAL;
        if (descs == 0)
            return EINVAL;
            return EINVAL;
        if (descs == 0)
            return EINVAL;