rcodi@yabbie.rmit.oz (Ian Donaldson) (09/22/88)
Files: /usr/src/sys/sys/tty.c O/S: 4.3bsd (vax release, but probably all) Priority: low (unless of course it affects -you-) Description: The 4.3bsd tty driver contains some code that assumes that a structure is contained within another structure, but there are no physical bindings between the two structures. ie: the code that handles the 4 ioctls: TIOCGETC, TIOCSETC, TIOCGLTC, TIOCSLTC assume that the structure that they copy in or out (ie: struct tchars or struct ltchars) aligns exactly with a component of struct ttychars (ie: t_intrc or t_suspc, respectively). Whilst this probably will work on most byte addressable machines, it is clearly unportable and a dangerous practise. Implications: somebody changes struct ttychars without knowing what the kernel expects of the order/adjacency of components and the kernel may fall over Fix: Easy. Copy each component to/from user space using individual assignments rather than a single bcopy(). Either that, or make struct ttychars consist of struct tchars and struct ltchars plus other goodies. (well I would do the former, since all these extra structs are really pointless and should be chucked out of the kernel anyway) Ian Donaldson