Egor00f/kolibrios
1
0
Fork 0
forked from KolibriOS/kolibrios
Code Pull Requests Activity

fixed vulnerability (reading kernel memory from userspace) in sysfn 7, 15.5 and 65

Browse Source 
git-svn-id: svn://kolibrios.org@8714 a494cfbc-eb01-0410-851d-a64ba20cac60
This commit is contained in:
Doczom 2021-05-09 14:02:32 +00:00
parent da3163d11b
commit 5376120685
1 changed files with 15 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

15
kernel/trunk/kernel.asm
View File

@ -2829,6 +2829,11 @@ align 4
nosb4: nosb4:
cmp ebx, 5 ; BLOCK MOVE TO BGR cmp ebx, 5 ; BLOCK MOVE TO BGR
jnz nosb5 jnz nosb5
; add check pointer
stdcall is_region_userspace, ecx, esi
jz .fin
cmp [img_background], static_background_data cmp [img_background], static_background_data
jnz @f jnz @f
test edx, edx test edx, edx
@ -4385,6 +4390,16 @@ bgrstr:
;----------------------------------------------------------------------------- ;-----------------------------------------------------------------------------
align 4 align 4
syscall_putimage: ; PutImage syscall_putimage: ; PutImage
; add check pointer
push ecx
mov ax, cx
shr ecx, 16
imul eax, ecx
lea eax, [eax*3]
stdcall is_region_userspace, ebx, eax
pop ecx
jz sys_putimage.exit
sys_putimage: sys_putimage:
test ecx, 0x80008000 test ecx, 0x80008000
jnz .exit jnz .exit