fixed vulnerabilities in sysfn 18.11 and 36, now user applications cannot corrupt kernel memory via invalid buffer address

git-svn-id: svn://kolibrios.org@8598 a494cfbc-eb01-0410-851d-a64ba20cac60
2021-02-21 09:59:47 +00:00 · 2021-02-21 09:59:47 +00:00 · d82e0a30b4
commit d82e0a30b4
parent 50415dcf52
1 changed files with 10 additions and 0 deletions
--- a/kernel/trunk/kernel.asm
+++ b/kernel/trunk/kernel.asm
@ -2439,6 +2439,8 @@ sysfn_getdiskinfo:      ; 18.11 = get disk info table
        dec     ecx
        jnz     .exit
 .small_table:
+        stdcall is_region_userspace, edx, DRIVE_DATA_SIZE
+        jz      .exit
        mov     edi, edx
        mov     esi, DRIVE_DATA
        mov     ecx, DRIVE_DATA_SIZE ;10
@ -5347,6 +5349,12 @@ syscall_getarea:
        mov     esi, ecx
     ; ecx - size x, edx - size y

+        mov     ebp, edx
+        lea     ebp, [ebp*3]
+        imul    ebp, esi
+        stdcall is_region_userspace, edi, ebp
+        jz      .exit
+
        mov     ebp, edx
        dec     ebp
        lea     ebp, [ebp*3]
@ -5386,6 +5394,8 @@ align 4
        dec     ebx
        dec     edx
        jnz     .start_y
+        
+.exit:
        popad
        ret
 ;-----------------------------------------------------------------------------