From 0feb6e06af1e48c2b1a937c6a593fceeafd728d2 Mon Sep 17 00:00:00 2001
From: cinap_lenrek
Date: Tue, 31 Dec 2013 12:23:55 +0100
Subject: [PATCH] devproc: fix noteid permission checks for none make sure noteid is valid (>0). prohibit changing note group of kernel processes. this is also checked for in pgrpnote(). prevent "none" user from changing its note group to another "none" sessions. this would allow him to send notes other none processes other than its own.
---
 sys/src/9/port/devproc.c | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)
diff --git a/sys/src/9/port/devproc.c b/sys/src/9/port/devproc.c
index 11a04bb55..2207a627a 100644
--- a/sys/src/9/port/devproc.c
+++ b/sys/src/9/port/devproc.c
@@ -1136,16 +1136,21 @@ procwrite(Chan *c, void *va, long n, vlong off)
 error("note not posted");
 break;
 case Qnoteid:
+ if(p->kp)
+ error(Eperm);
 id = atoi(a);
+ if(id <= 0)
+ error(Ebadarg);
 if(id == p->pid) {
 p->noteid = id;
 break;
 }
 t = proctab(0);
 for(et = t+conf.nproc; t < et; t++) {
- if(t->state == Dead)
+ if(t->state == Dead || t->kp)
 continue;
 if(id == t->noteid) {
+ nonone(t);
 if(strcmp(p->user, t->user) != 0)
 error(Eperm);
 p->noteid = id;
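Review bot: The added `nonone(t)` call, like the `strcmp(p->user, t->user)` test after it, is evaluated only against the first live table entry whose noteid equals `id`, so the permission result depends on slot order inside the target note group rather than on the group as a whole. nonone() is defined outside this hunk; if it raises Eperm for a "none" caller whenever its argument is not the calling process, then a none process is refused its own group whenever a sibling sits in an earlier slot, and the rule the commit message describes is enforced only indirectly. Testing `id` against `up->noteid` for a none caller before the scan (assuming `up` is the writer here) would state the rule directly and independently of table order. At minimum the call deserves a comment such as `/* none may only join its own note group */`, since the reason for checking `t` rather than `p` is not evident from the code. The `case Qnoteid:` body and the loop continue past the end of the hunk, so the exit path after `p->noteid = id;` is not visible here.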