Apply by doing:
cd /usr/src
patch -p0 < 003_systrace.patch
And then rebuild your kernel.
Index: sys/dev/systrace.c
===================================================================
RCS file: /cvs/src/sys/dev/systrace.c,v
retrieving revision 1.42
retrieving revision 1.42.2.1
diff -u -p -r1.42 -r1.42.2.1
--- sys/dev/systrace.c 28 May 2006 17:06:38 -0000 1.42
+++ sys/dev/systrace.c 1 Nov 2006 20:03:35 -0000 1.42.2.1
@@ -1359,9 +1359,16 @@ systrace_preprepl(struct str_process *st
return (EINVAL);
for (i = 0, len = 0; i < repl->strr_nrepl; i++) {
- len += repl->strr_offlen[i];
+ if (repl->strr_argind[i] < 0 ||
+ repl->strr_argind[i] >= SYSTR_MAXARGS)
+ return (EINVAL);
if (repl->strr_offlen[i] == 0)
continue;
+ len += repl->strr_offlen[i];
+ if (repl->strr_offlen[i] > SYSTR_MAXREPLEN ||
+ repl->strr_off[i] > SYSTR_MAXREPLEN ||
+ len > SYSTR_MAXREPLEN)
+ return (EINVAL);
if (repl->strr_offlen[i] + repl->strr_off[i] > len)
return (EINVAL);
}
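Review bot: In the validation loop of systrace_preprepl, `len += repl->strr_offlen[i];` runs before the new per-entry limits are tested, so the running total briefly holds a value that has not been bounded. The request is still rejected on the following lines, but whether that addition is well-defined for a very large `strr_offlen[i]` depends on the type of `len`, which is declared outside this hunk. Testing `repl->strr_offlen[i] > SYSTR_MAXREPLEN || repl->strr_off[i] > SYSTR_MAXREPLEN` first and leaving only `len > SYSTR_MAXREPLEN` after the addition would make the ordering safe by construction. A short comment such as `/* bound each entry so off + offlen and the running total cannot wrap */` would record why the limits exist, since the later `strr_offlen[i] + strr_off[i] > len` comparison relies on them.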
@@ -1371,7 +1378,7 @@ systrace_preprepl(struct str_process *st
return (EINVAL);
/* Check against a maximum length */
- if (repl->strr_len > 2048)
+ if (repl->strr_len > SYSTR_MAXREPLEN)
return (EINVAL);
strp->replace = (struct systrace_replace *)
@@ -1406,6 +1413,10 @@ systrace_replace(struct str_process *str
maxarg = argsize/sizeof(register_t);
ubase = stackgap_alloc(&strp->sg, repl->strr_len);
+ if (ubase == NULL) {
+ ret = EINVAL;
+ goto out;
+ }
kbase = repl->strr_base;
for (i = 0; i < maxarg && i < repl->strr_nrepl; i++) {
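Review bot: The new guard in systrace_replace reports a failed `stackgap_alloc()` as `EINVAL`, which makes an exhausted stack gap indistinguishable from a malformed replacement request to whatever consumes `ret`. If the callers can act on the difference, `ret = ENOMEM;` may be the clearer code; this is hedged because the callers and the `out:` label are outside this hunk. A comment above the check, for example `/* stackgap_alloc() returns NULL when strr_len does not fit in the remaining gap */`, would explain why an allocation whose length was already validated in systrace_preprepl can still fail. It is also worth confirming that the `out:` path does not use `ubase` or `kbase`, since both are unset when this branch is taken.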
Index: sys/dev/systrace.h
===================================================================
RCS file: /cvs/src/sys/dev/systrace.h,v
retrieving revision 1.19
retrieving revision 1.19.2.1
diff -u -p -r1.19 -r1.19.2.1
--- sys/dev/systrace.h 23 May 2006 22:28:22 -0000 1.19
+++ sys/dev/systrace.h 1 Nov 2006 20:03:35 -0000 1.19.2.1
@@ -54,6 +54,7 @@ struct str_msg_execve {
#define SYSTR_MAXARGS 64
#define SYSTR_MAXFNAME 8
#define SYSTR_MAXINJECTS 8
+#define SYSTR_MAXREPLEN 2048
struct str_msg_ask {
int code;