From b91122a57bc5b3d4c0fd383a45a14305edc012e9 Mon Sep 17 00:00:00 2001
From: Coldy
Date: Wed, 28 Apr 2021 06:56:45 +0000
Subject: [PATCH] Fix vulnerabilitie in sysfn 74.1 (add sanity check for user buffer), now user applications can't corrupt kernel memory via invalid buffer address
git-svn-id: svn://kolibrios.org@8700 a494cfbc-eb01-0410-851d-a64ba20cac60
---
 kernel/trunk/network/stack.inc | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)
diff --git a/kernel/trunk/network/stack.inc b/kernel/trunk/network/stack.inc
index b92ab063aa..6c95deb6d1 100644
--- a/kernel/trunk/network/stack.inc
+++ b/kernel/trunk/network/stack.inc
@@ -760,7 +760,12 @@ sys_network:
 ret
 .get_dev_name:
- mov esi, [eax + NET_DEVICE.name]
+; { Patch by Coldy, sanity check
+ mov ebx, eax ; eax will used for is_region_userspace return
+ stdcall is_region_userspace, ecx, 64
+ jz .bad_buffer
+ mov esi, [ebx + NET_DEVICE.name] ;mov esi, [eax + NET_DEVICE.name]
+; } End patch by Coldy, sanity check
 mov edi, ecx
 mov ecx, 64/4 ; max length
@@ -822,6 +827,7 @@ sys_network:
 .doesnt_exist:
+ .bad_buffer: ; Sanity check failed, exit
 mov dword[esp+32], -1
 ret
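Review bot: The `jz .bad_buffer` directly after `stdcall is_region_userspace, ecx, 64` branches on whatever flags the callee happens to leave, while the added comment says the result comes back in eax; is_region_userspace is defined outside this diff, so its flag contract cannot be confirmed from here. If the result really is in eax, make the test explicit with `test eax, eax` before the `jz`; if the contract is ZF, correct the comment so the next reader does not assume eax carries the answer. The validated length `64` and the copy length `64/4` a few lines below are independent literals, so a single named constant used in both places would keep the bounds check and the copy from drifting apart. The copy loop of .get_dev_name continues outside the hunk, so whether it can write past the 64 validated bytes could not be checked here.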