SysFn 9 security fix: now apps cannot destroy kernel memory via passing illegal address in ebx

Update docs on SysFn 9 git-svn-id: svn://kolibrios.org@8246 a494cfbc-eb01-0410-851d-a64ba20cac60
2020-11-23 18:52:56 +00:00
parent a75d4696ea
commit 5d4528238c
3 changed files with 18 additions and 0 deletions
--- a/kernel/trunk/kernel.asm
+++ b/kernel/trunk/kernel.asm
@@ -3159,6 +3159,14 @@ sys_cpuusage:
 ;  +26 dword     used mem
 ;  +30 dword     PID , process idenfification number
 ;
+        ; if given memory address belongs to kernel then error
+        push    ebx
+        mov     eax, ebx
+        mov     ebx, 0x4C
+        call    is_region_userspace
+        pop     ebx
+        test    eax, eax
+        jz      .addr_error

        cmp     ecx, -1 ; who am I ?
        jne     .no_who_am_i
@@ -3249,6 +3257,10 @@ sys_cpuusage:
        mov     [esp+32], eax
        ret

+.addr_error:    ; if given memory address is illegal
+        mov     eax, -1
+        ret   
+
 align 4
 sys_clock:
        cli