keXa/kolibrios
1
0
Fork 0
forked from KolibriOS/kolibrios
Code Pull Requests Activity

SysFn 26.2 security fix: now apps cannot destroy kernel memory via passing illegal address to this sysfn

Browse Source 
git-svn-id: svn://kolibrios.org@8158 a494cfbc-eb01-0410-851d-a64ba20cac60
This commit is contained in:
Rustem Gimadutdinov (rgimad) 2020-11-06 23:15:44 +00:00
parent c369f06816
commit 160a8c789a
1 changed files with 13 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

13
kernel/trunk/kernel.asm
View File

@ -1746,6 +1746,9 @@ sys_getsetup:
dec ecx dec ecx
jnz .shift jnz .shift
cmp ebx, 0x7FFFFFFF ; if given memory address belongs to kernel then error
ja .addr_error
mov eax, keymap mov eax, keymap
mov ecx, 128 mov ecx, 128
call memmove call memmove
@ -1756,6 +1759,9 @@ sys_getsetup:
dec ecx dec ecx
jnz .alt jnz .alt
cmp ebx, 0x7FFFFFFF
ja .addr_error
mov eax, keymap_shift mov eax, keymap_shift
mov ecx, 128 mov ecx, 128
call memmove call memmove
@ -1766,6 +1772,9 @@ sys_getsetup:
dec ecx dec ecx
jne .country jne .country
cmp ebx, 0x7FFFFFFF
ja .addr_error
mov eax, keymap_alt mov eax, keymap_alt
mov ecx, 128 mov ecx, 128
call memmove call memmove
@ -1779,6 +1788,10 @@ sys_getsetup:
movzx eax, word [keyboard] movzx eax, word [keyboard]
mov [esp+32], eax mov [esp+32], eax
ret ret
.addr_error: ; if given memory address is illegal
mov eax, -1
ret
;-------------------------------------- ;--------------------------------------
@@: @@:
; F.26.5 - get system language ; F.26.5 - get system language