From 5376120685db73a94978af111f1b3a4408b567d7 Mon Sep 17 00:00:00 2001
From: Doczom
Date: Sun, 9 May 2021 14:02:32 +0000
Subject: [PATCH] fixed vulnerability (reading kernel memory from userspace) in sysfn 7, 15.5 and 65

git-svn-id: svn://kolibrios.org@8714 a494cfbc-eb01-0410-851d-a64ba20cac60
---
 kernel/trunk/kernel.asm | 15 +++++++++++++++
 1 file changed, 15 insertions(+)

diff --git a/kernel/trunk/kernel.asm b/kernel/trunk/kernel.asm
index b4e6671545..07009fcb3f 100644
--- a/kernel/trunk/kernel.asm
+++ b/kernel/trunk/kernel.asm
@@ -2829,6 +2829,11 @@ align 4
 nosb4:
 cmp ebx, 5 ; BLOCK MOVE TO BGR
 jnz nosb5
+
+; add check pointer
+ stdcall is_region_userspace, ecx, esi
+ jz .fin
+
 cmp [img_background], static_background_data
 jnz @f
 test edx, edx
@@ -4385,6 +4390,16 @@ bgrstr:
 ;-----------------------------------------------------------------------------
 align 4
 syscall_putimage: ; PutImage
+; add check pointer
+ push ecx
+ mov ax, cx
+ shr ecx, 16
+ imul eax, ecx
+ lea eax, [eax*3]
+ stdcall is_region_userspace, ebx, eax
+ pop ecx
+ jz sys_putimage.exit
+
 sys_putimage:
 test ecx, 0x80008000
 jnz .exit
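Review bot: The guard added after `jnz nosb5` validates only the source range `[ecx, ecx+esi)`; nothing in the visible lines bounds the destination side of the block move, and the `test edx, edx` that follows appears to apply only when `[img_background]` is `static_background_data`. If edx is the offset into the background buffer, confirm that `edx + esi` is checked against the buffer size further down, since the handler body continues outside the hunk. The comment `; add check pointer` reads as a changelog entry rather than documentation; something like `; reject unless [ecx, ecx+esi) lies entirely in user space` states the invariant. The `jz .fin` also relies on the ZF convention of `is_region_userspace`, which is not visible here and is worth a word at the call site.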
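Review bot: `mov ax, cx` writes only the low 16 bits of eax, so the following `imul eax, ecx` also multiplies in whatever the upper half of eax held on entry to `syscall_putimage`. Unless the dispatcher guarantees that half is zero, the length passed to `is_region_userspace` is not width*height*3; `movzx eax, cx` forms the product from the two 16-bit dimensions alone. The check also runs before `test ecx, 0x80008000`, so with bit 15 set in either half `lea eax, [eax*3]` can wrap 32 bits. That is harmless only because the test below rejects those values, which deserves a comment, along with the hard-coded 3 bytes per pixel. The subject also names sysfn 65, but no third call site appears in this patch, so confirm that path is covered.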