[KERNEL] fixed vulnerability (execution of user code in kernel mode) in sysfn 77.10 and sysfn 77.11

git-svn-id: svn://kolibrios.org@9884 a494cfbc-eb01-0410-851d-a64ba20cac60
2022-10-25 18:20:48 +00:00 · 2022-10-25 18:20:48 +00:00 · b2734e40fd
parent 19cab98b13
commit b2734e40fd
1 changed files with 6 additions and 0 deletions
--- a/kernel/trunk/posix/posix.inc
+++ b/kernel/trunk/posix/posix.inc
@ -83,6 +83,9 @@ sys_read:
        mov     edi, [current_process]
        mov     ebp, [edi + PROC.htab + ecx*4]

+        stdcall is_region_userspace, ebp, 4
+        jz      .fail
+
        cmp     [ebp + FILED.magic], 'PIPE'
        jne     .fail
        cmp     [ebp + FILED.handle], ecx
@ -113,6 +116,9 @@ sys_write:
        mov     edi, [current_process]
        mov     ebp, [edi + PROC.htab+ecx*4]

+        stdcall is_region_userspace, ebp, 4
+        jz      .fail
+
        cmp     [ebp + FILED.magic], 'PIPE'
        jne     .fail
        cmp     [ebp + FILED.handle], ecx