Fix vulnerability in sysfn 74.1 (add sanity check for user buffer); user applications can no longer corrupt kernel memory via an invalid buffer address

git-svn-id: svn://kolibrios.org@8700 a494cfbc-eb01-0410-851d-a64ba20cac60
Coldy 2021-04-28 06:56:45 +00:00
parent 35ba6d8562
commit b91122a57b


@ -760,7 +760,12 @@ sys_network:
ret ret
.get_dev_name: .get_dev_name:
mov esi, [eax + NET_DEVICE.name] ; { Patch by Coldy, sanity check
mov ebx, eax ; eax will used for is_region_userspace return
stdcall is_region_userspace, ecx, 64
jz .bad_buffer
mov esi, [ebx + NET_DEVICE.name] ;mov esi, [eax + NET_DEVICE.name]
; } End patch by Coldy, sanity check
mov edi, ecx mov edi, ecx
mov ecx, 64/4 ; max length mov ecx, 64/4 ; max length
@ -822,6 +827,7 @@ sys_network:
.doesnt_exist: .doesnt_exist:
.bad_buffer: ; Sanity check failed, exit
mov dword[esp+32], -1 mov dword[esp+32], -1
ret ret
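Review bot: The `jz .bad_buffer` in `.get_dev_name` depends on the zero flag that `is_region_userspace` leaves behind, and neither that contract nor its polarity is visible in this hunk, so an inverted test would reject every valid buffer or let a kernel address through. Confirm it against the helper and record it at the branch, e.g. `jz .bad_buffer ; ZF=1: ecx..ecx+64 is not entirely user space`. The checked size `64` and the copy count `64/4` are separate literals; a shared constant (placeholder name `NET_DEV_NAME_MAX`) would keep the validated length and the copied length from drifting apart. A range check presumably says nothing about whether the pages are mapped and writable, so it is worth verifying how a fault during the copy is handled. The body of `.get_dev_name` continues outside the hunk.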