forked from KolibriOS/kolibrios
[KERNEL] fixed vulnerability (execution of user code in kernel mode) in sysfn 77.10 and sysfn 77.11
git-svn-id: svn://kolibrios.org@9884 a494cfbc-eb01-0410-851d-a64ba20cac60
This commit is contained in:
parent
19cab98b13
commit
b2734e40fd
@ -83,6 +83,9 @@ sys_read:
|
|||||||
mov edi, [current_process]
|
mov edi, [current_process]
|
||||||
mov ebp, [edi + PROC.htab + ecx*4]
|
mov ebp, [edi + PROC.htab + ecx*4]
|
||||||
|
|
||||||
|
stdcall is_region_userspace, ebp, 4
|
||||||
|
jz .fail
|
||||||
|
|
||||||
cmp [ebp + FILED.magic], 'PIPE'
|
cmp [ebp + FILED.magic], 'PIPE'
|
||||||
jne .fail
|
jne .fail
|
||||||
cmp [ebp + FILED.handle], ecx
|
cmp [ebp + FILED.handle], ecx
|
||||||
@ -113,6 +116,9 @@ sys_write:
|
|||||||
mov edi, [current_process]
|
mov edi, [current_process]
|
||||||
mov ebp, [edi + PROC.htab+ecx*4]
|
mov ebp, [edi + PROC.htab+ecx*4]
|
||||||
|
|
||||||
|
stdcall is_region_userspace, ebp, 4
|
||||||
|
jz .fail
|
||||||
|
|
||||||
cmp [ebp + FILED.magic], 'PIPE'
|
cmp [ebp + FILED.magic], 'PIPE'
|
||||||
jne .fail
|
jne .fail
|
||||||
cmp [ebp + FILED.handle], ecx
|
cmp [ebp + FILED.handle], ecx
|
||||||
|
Loading…
Reference in New Issue
Block a user