Fix vulnerability in sysfn 74.1 (add sanity check for user buffer); user applications can no longer corrupt kernel memory via an invalid buffer address

git-svn-id: svn://kolibrios.org@8700 a494cfbc-eb01-0410-851d-a64ba20cac60
Coldy 2021-04-28 06:56:45 +00:00
parent 35ba6d8562
commit b91122a57b


@ -760,7 +760,12 @@ sys_network:
ret
.get_dev_name:
mov esi, [eax + NET_DEVICE.name]
; { Patch by Coldy, sanity check
mov ebx, eax ; eax will used for is_region_userspace return
stdcall is_region_userspace, ecx, 64
jz .bad_buffer
mov esi, [ebx + NET_DEVICE.name] ;mov esi, [eax + NET_DEVICE.name]
; } End patch by Coldy, sanity check
mov edi, ecx
mov ecx, 64/4 ; max length
@ -822,6 +827,7 @@ sys_network:
.doesnt_exist:
.bad_buffer: ; Sanity check failed, exit
mov dword[esp+32], -1
ret
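Review bot: In the first hunk, `jz .bad_buffer` directly follows `stdcall is_region_userspace, ecx, 64` and so tests ZF, while the comment on the `mov ebx, eax` line says the result comes back in eax; nothing between the call and the branch derives flags from eax. is_region_userspace is not visible on this page, so it cannot be confirmed that ZF reflects the result on every return path. If the result really is returned in eax, inserting `test eax, eax` before the `jz` would make this security check independent of whatever flags the callee happens to leave. The checked length `64` is also repeated as `64/4` for the copy count; a named constant would keep the validated size and the copied size from drifting apart. The `.get_dev_name` body continues past the end of the hunk, so the copy itself is not reviewed here.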