Haiku/haiku
Haiku/haiku
1
0
Fork 0
mirror of https://review.haiku-os.org/haiku synced 2024-11-23 07:18:40 +01:00
Code Issues Actions Packages Projects Releases Wiki Activity

kernel/fs: Add missing IS_USER_ADDRESS check in user_vector_io.

Browse Source 
The iovecs themselves were checked before they were copied,
but the iov_base inside each was not, making it possible
for evil (or just broken) user applications to put kernel
addresses in here.

Part of #14961.
This commit is contained in:
Augustin Cavalier 2019-09-13 22:11:27 -04:00
parent e315daa9c1
commit 2b5ebfcfd5
1 changed files with 7 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
src/system/kernel/fs/fd.cpp
View File

@ -822,6 +822,13 @@ common_user_vector_io(int fd, off_t pos, const iovec* userVecs, size_t count,
ssize_t bytesTransferred = 0;
for (uint32 i = 0; i < count; i++) {
if (!IS_USER_ADDRESS(vecs[i].iov_base)) {
status = B_BAD_ADDRESS;
if (bytesTransferred == 0)
return status;
break;
}
size_t length = vecs[i].iov_len;
if (write) {
status = descriptor->ops->fd_write(descriptor, pos,