SysFn 26.2 security fix: now apps cannot destroy kernel memory via passing illegal address to this sysfn

git-svn-id: svn://kolibrios.org@8158 a494cfbc-eb01-0410-851d-a64ba20cac60
2020-11-06 23:15:44 +00:00 · 2020-11-06 23:15:44 +00:00 · 160a8c789a
commit 160a8c789a
parent c369f06816
1 changed files with 13 additions and 0 deletions
--- a/kernel/trunk/kernel.asm
+++ b/kernel/trunk/kernel.asm
@ -1746,6 +1746,9 @@ sys_getsetup:
        dec     ecx
        jnz     .shift

+        cmp     ebx, 0x7FFFFFFF ; if given memory address belongs to kernel then error
+        ja      .addr_error
+
        mov     eax, keymap
        mov     ecx, 128
        call    memmove
@ -1756,6 +1759,9 @@ sys_getsetup:
        dec     ecx
        jnz     .alt

+        cmp     ebx, 0x7FFFFFFF
+        ja      .addr_error
+
        mov     eax, keymap_shift
        mov     ecx, 128
        call    memmove
@ -1766,6 +1772,9 @@ sys_getsetup:
        dec     ecx
        jne     .country

+        cmp     ebx, 0x7FFFFFFF
+        ja      .addr_error
+
        mov     eax, keymap_alt
        mov     ecx, 128
        call    memmove
@ -1779,6 +1788,10 @@ sys_getsetup:
        movzx   eax, word [keyboard]
        mov     [esp+32], eax
        ret
+
+.addr_error:    ; if given memory address is illegal
+        mov     eax, -1
+        ret        
 ;--------------------------------------
@@:
 ; F.26.5 - get system language