fixed vulnerability (reading kernel memory from userspace) in sysfn 7, 15.5 and 65

git-svn-id: svn://kolibrios.org@8714 a494cfbc-eb01-0410-851d-a64ba20cac60
2021-05-09 14:02:32 +00:00 · 2021-05-09 14:02:32 +00:00 · 5376120685
commit 5376120685
parent da3163d11b
1 changed files with 15 additions and 0 deletions
--- a/kernel/trunk/kernel.asm
+++ b/kernel/trunk/kernel.asm
@ -2829,6 +2829,11 @@ align 4
 nosb4:
        cmp     ebx, 5                     ; BLOCK MOVE TO BGR
        jnz     nosb5
+
+; add check pointer
+        stdcall is_region_userspace, ecx, esi
+        jz      .fin
+
        cmp     [img_background], static_background_data
        jnz     @f
        test    edx, edx
@ -4385,6 +4390,16 @@ bgrstr:
 ;-----------------------------------------------------------------------------
 align 4
 syscall_putimage:                       ; PutImage
+; add check pointer
+        push    ecx
+        mov     ax, cx
+        shr     ecx, 16
+        imul    eax, ecx
+        lea     eax, [eax*3]
+        stdcall is_region_userspace, ebx, eax
+        pop     ecx
+        jz      sys_putimage.exit
+
 sys_putimage:
        test    ecx, 0x80008000
        jnz     .exit