Kernel: Fix userspace pointer checks
Some syscalls were unconditionally validating optional paramenters which were allowed to be null pointers
This commit is contained in:
parent
3e97a82af0
commit
8b7790ded2
|
@ -1158,7 +1158,9 @@ namespace Kernel
|
|||
BAN::ErrorOr<long> Process::sys_hardlinkat(int fd1, const char* path1, int fd2, const char* path2, int flag)
|
||||
{
|
||||
LockGuard _(m_process_lock);
|
||||
if (path1 != nullptr)
|
||||
TRY(validate_string_access(path1));
|
||||
if (path2 != nullptr)
|
||||
TRY(validate_string_access(path2));
|
||||
|
||||
auto inode = TRY(find_file(fd1, path1, flag)).inode;
|
||||
|
@ -1180,6 +1182,7 @@ namespace Kernel
|
|||
return BAN::Error::from_errno(EINVAL);
|
||||
|
||||
LockGuard _(m_process_lock);
|
||||
if (path != nullptr)
|
||||
TRY(validate_string_access(path));
|
||||
|
||||
auto [parent, file_name] = TRY(find_parent_file(fd, path, O_WRONLY));
|
||||
|
@ -1195,6 +1198,7 @@ namespace Kernel
|
|||
BAN::ErrorOr<long> Process::sys_readlinkat(int fd, const char* path, char* buffer, size_t bufsize)
|
||||
{
|
||||
LockGuard _(m_process_lock);
|
||||
if (path != nullptr)
|
||||
TRY(validate_string_access(path));
|
||||
TRY(validate_pointer_access(buffer, bufsize, true));
|
||||
|
||||
|
@ -1262,6 +1266,7 @@ namespace Kernel
|
|||
flag = O_NOFOLLOW;
|
||||
|
||||
LockGuard _(m_process_lock);
|
||||
if (path != nullptr)
|
||||
TRY(validate_string_access(path));
|
||||
|
||||
auto inode = TRY(find_file(fd, path, flag)).inode;
|
||||
|
@ -1285,6 +1290,7 @@ namespace Kernel
|
|||
flag = O_NOFOLLOW;
|
||||
|
||||
LockGuard _(m_process_lock);
|
||||
if (path != nullptr)
|
||||
TRY(validate_string_access(path));
|
||||
|
||||
auto inode = TRY(find_file(fd, path, flag)).inode;
|
||||
|
@ -1971,6 +1977,8 @@ namespace Kernel
|
|||
flag = O_NOFOLLOW;
|
||||
|
||||
LockGuard _(m_process_lock);
|
||||
if (path != nullptr)
|
||||
TRY(validate_string_access(path));
|
||||
TRY(validate_pointer_access(buf, sizeof(struct stat), true));
|
||||
|
||||
auto inode = TRY(find_file(fd, path, flag)).inode;
|
||||
|
@ -1994,6 +2002,8 @@ namespace Kernel
|
|||
BAN::ErrorOr<long> Process::sys_fstatvfsat(int fd, const char* path, struct statvfs* buf)
|
||||
{
|
||||
LockGuard _(m_process_lock);
|
||||
if (path != nullptr)
|
||||
TRY(validate_string_access(path));
|
||||
TRY(validate_pointer_access(buf, sizeof(struct statvfs), true));
|
||||
|
||||
auto inode = TRY(find_file(fd, path, 0)).inode;
|
||||
|
@ -3297,6 +3307,9 @@ unauthorized_access:
|
|||
{
|
||||
// TODO: This seems very slow as we loop over the range twice
|
||||
|
||||
if (size == 0)
|
||||
return {};
|
||||
|
||||
TRY(validate_pointer_access_check(ptr, size, needs_write));
|
||||
|
||||
const vaddr_t vaddr = reinterpret_cast<vaddr_t>(ptr);
|
||||
|
|
Loading…
Reference in New Issue