fixed vulnerability (kernel memory rewrite) in sysfn 30.2 and 30.5

git-svn-id: svn://kolibrios.org@8676 a494cfbc-eb01-0410-851d-a64ba20cac60
2021-04-22 20:56:05 +00:00 · 2021-04-22 20:56:05 +00:00 · 0c0895f9a0
commit 0c0895f9a0
parent c7a8498e42
1 changed files with 8 additions and 0 deletions
--- a/kernel/trunk/fs/fs_lfn.inc
+++ b/kernel/trunk/fs/fs_lfn.inc
@ -458,6 +458,14 @@ sys_current_directory:  ; sysfunction 30

 .get:
 ; in: ecx -> buffer, edx = length, eax = encoding
+        stdcall is_region_userspace, ecx, edx
+        jnz     @f
+
+        ; if illegal buffer given
+        xor     edx, edx
+        jmp     .ret
+@@:
+
        mov     esi, edi
        inc     esi
        mov     edi, ecx