Burer/kolibrios
1
0
Fork 0
forked from KolibriOS/kolibrios
Code Pull Requests Activity

fixed vulnerabilities in sysfn 18.11 and 36, now user applications cannot corrupt kernel memory via invalid buffer address

Browse Source 
git-svn-id: svn://kolibrios.org@8598 a494cfbc-eb01-0410-851d-a64ba20cac60
This commit is contained in:
Rustem Gimadutdinov (rgimad) 2021-02-21 09:59:47 +00:00
parent 50415dcf52
commit d82e0a30b4
1 changed files with 10 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
kernel/trunk/kernel.asm
View File

@ -2439,6 +2439,8 @@ sysfn_getdiskinfo: ; 18.11 = get disk info table
dec ecx dec ecx
jnz .exit jnz .exit
.small_table: .small_table:
stdcall is_region_userspace, edx, DRIVE_DATA_SIZE
jz .exit
mov edi, edx mov edi, edx
mov esi, DRIVE_DATA mov esi, DRIVE_DATA
mov ecx, DRIVE_DATA_SIZE ;10 mov ecx, DRIVE_DATA_SIZE ;10
@ -5347,6 +5349,12 @@ syscall_getarea:
mov esi, ecx mov esi, ecx
; ecx - size x, edx - size y ; ecx - size x, edx - size y
mov ebp, edx
lea ebp, [ebp*3]
imul ebp, esi
stdcall is_region_userspace, edi, ebp
jz .exit
mov ebp, edx mov ebp, edx
dec ebp dec ebp
lea ebp, [ebp*3] lea ebp, [ebp*3]
@ -5386,6 +5394,8 @@ align 4
dec ebx dec ebx
dec edx dec edx
jnz .start_y jnz .start_y
.exit:
popad popad
ret ret
;----------------------------------------------------------------------------- ;-----------------------------------------------------------------------------