Fix vulnerabilitie in sysfn 74.1 (add sanity check for user buffer), now user applications can't corrupt kernel memory via invalid buffer address

git-svn-id: svn://kolibrios.org@8700 a494cfbc-eb01-0410-851d-a64ba20cac60
2021-04-28 06:56:45 +00:00 · 2021-04-28 06:56:45 +00:00 · b91122a57b
commit b91122a57b
parent 35ba6d8562
1 changed files with 7 additions and 1 deletions
--- a/kernel/trunk/network/stack.inc
+++ b/kernel/trunk/network/stack.inc
@ -760,7 +760,12 @@ sys_network:
        ret

  .get_dev_name:
-        mov     esi, [eax + NET_DEVICE.name]
+; { Patch by Coldy, sanity check
+        mov     ebx, eax ; eax will used for is_region_userspace return 
+        stdcall is_region_userspace, ecx, 64
+        jz      .bad_buffer      
+        mov     esi, [ebx + NET_DEVICE.name] ;mov     esi, [eax + NET_DEVICE.name]
+; } End patch by Coldy, sanity check
        mov     edi, ecx

        mov     ecx, 64/4 ; max length
@ -822,6 +827,7 @@ sys_network:


  .doesnt_exist:
+  .bad_buffer: ; Sanity check failed, exit
        mov     dword[esp+32], -1
        ret