From c7a8498e4254de97349a9867e41b79e17d38b298 Mon Sep 17 00:00:00 2001 From: "Rustem Gimadutdinov (rgimad)" Date: Thu, 22 Apr 2021 19:59:52 +0000 Subject: [PATCH] fixed vulnerability (reading kernel memory from userspace) in sysfn25 git-svn-id: svn://kolibrios.org@8675 a494cfbc-eb01-0410-851d-a64ba20cac60 --- kernel/trunk/kernel.asm | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/kernel/trunk/kernel.asm b/kernel/trunk/kernel.asm index 7e7d70e583..5b21513082 100644 --- a/kernel/trunk/kernel.asm +++ b/kernel/trunk/kernel.asm @@ -5420,6 +5420,14 @@ syscall_putarea_backgr: mov esi, ecx ; ecx - size x, edx - size y mov ebp, edx + + lea ebp, [ebp*4] + imul ebp, esi + stdcall is_region_userspace, edi, ebp + jz .exit + + mov ebp, edx + dec ebp shl ebp, 2 @@ -5477,6 +5485,7 @@ align 4 dec edx jnz .start_y +.exit: popad ret ;-----------------------------------------------------------------------------
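Review bot: The length passed to `is_region_userspace` in the first hunk is computed in 32 bits with no overflow check. `lea ebp, [ebp*4]` followed by `imul ebp, esi` can wrap for large size x / size y values, so the validated length could be smaller than the area the copy loop between the two hunks goes on to read. Unless both sizes are already bounded earlier in `syscall_putarea_backgr` (its start is outside the hunk), take the product first, leave through `.exit` on overflow, and only then scale by 4, as sketched below. The sketch assumes esi and edx hold zero-extended, non-negative sizes, which the hunk does not show. A one-line comment on `jz .exit` stating which flag result `is_region_userspace` returns for a rejected region would also help, since that convention is not visible here.

```asm
        mov     ebp, edx                ; unchanged: ebp = size y
        imul    ebp, esi                ; ebp = size x * size y (element count)
        jo      .exit                   ; product does not fit in 32 bits
        test    ebp, 0xC0000000
        jnz     .exit                   ; count * 4 would wrap
        shl     ebp, 2                  ; byte length, same factor of 4 as the original lea
        stdcall is_region_userspace, edi, ebp
        jz      .exit
        ; … unchanged: reload ebp from edx and continue into the copy loop …
```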