Fixed vulnerabilitie in sysfn 68.23 (system halt if the name doesn't exist)

git-svn-id: svn://kolibrios.org@9405 a494cfbc-eb01-0410-851d-a64ba20cac60
2021-12-06 16:57:50 +00:00 · 2021-12-06 16:57:50 +00:00 · f3dca4689e
commit f3dca4689e
parent 743ff0dfff
1 changed files with 6 additions and 2 deletions
--- a/kernel/trunk/core/heap.inc
+++ b/kernel/trunk/core/heap.inc
@ -1478,6 +1478,7 @@ proc shmem_close stdcall, name:dword
        test    eax, eax
        jz      .fail

+        push    ebx ; Added
        push    esi
        push    edi
        pushfd
@ -1485,14 +1486,16 @@ proc shmem_close stdcall, name:dword

        mov     esi, [current_slot]
        add     esi, APP_OBJ_OFFSET
+        mov     ebx, esi ; Fixed endless loop bug with not existing name (part 1)
 .next:
        mov     eax, [esi + APPOBJ.fd]
        test    eax, eax
        jz      @F

-        cmp     eax, esi
+        cmp     eax, ebx ;esi ; Fixed endless loop bug with not existing name (part 2)
+        je      @F            ; Small optimization
        mov     esi, eax
-        je      @F
+        ;je      @F

        cmp     [eax + SMAP.magic], 'SMAP'
        jne     .next
@ -1514,6 +1517,7 @@ proc shmem_close stdcall, name:dword
        popfd
        pop     edi
        pop     esi
+        pop     ebx ; Added
 .fail:
        ret
 endp