From b2734e40fde6506c341bb4a7c6293e4e0c39f889 Mon Sep 17 00:00:00 2001
From: Doczom
Date: Tue, 25 Oct 2022 18:20:48 +0000
Subject: [PATCH] [KERNEL] fixed vulnerability (execution of user code in kernel mode) in sysfn 77.10 and sysfn 77.11
git-svn-id: svn://kolibrios.org@9884 a494cfbc-eb01-0410-851d-a64ba20cac60
---
 kernel/trunk/posix/posix.inc | 6 ++++++
 1 file changed, 6 insertions(+)
diff --git a/kernel/trunk/posix/posix.inc b/kernel/trunk/posix/posix.inc
index 9ef0ba5b7c..e4bd6c8aa4 100644
--- a/kernel/trunk/posix/posix.inc
+++ b/kernel/trunk/posix/posix.inc
@@ -83,6 +83,9 @@ sys_read:
 mov edi, [current_process]
 mov ebp, [edi + PROC.htab + ecx*4]
+ stdcall is_region_userspace, ebp, 4
+ jz .fail
+
 cmp [ebp + FILED.magic], 'PIPE'
 jne .fail
 cmp [ebp + FILED.handle], ecx
@@ -113,6 +116,9 @@ sys_write:
 mov edi, [current_process]
 mov ebp, [edi + PROC.htab+ecx*4]
+ stdcall is_region_userspace, ebp, 4
+ jz .fail
+
 cmp [ebp + FILED.magic], 'PIPE'
 jne .fail
 cmp [ebp + FILED.handle], ecx
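Review bot: The added check in sys_read tests only 4 bytes at ebp and is a negative test, so it establishes that the htab entry is not a user-space pointer, not that it is a live FILED object; the same applies to the identical addition in sys_write. The lines that follow read FILED.magic and FILED.handle, and whether a 4-byte region test rejects a pointer that starts in user memory close to the user/kernel boundary depends on is_region_userspace, which is not visible here; comparing ebp directly against the kernel base address would state the intent without relying on the length argument. `jz .fail` after a call named is_region_userspace also reads inverted unless the reader knows its flag convention, so a comment such as `; reject handle-table entries that point into user memory (ZF set = user region, confirm against is_region_userspace)` would help. Whether ecx is range-checked before it indexes PROC.htab is outside the hunk, as are the start and end of both functions.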