RGBCube/serenity
1
Fork 0
mirror of https://github.com/RGBCube/serenity synced 2025-07-24 22:17:42 +00:00
Code Issues Activity Actions

Kernel: Pointer range validation should fail on wraparound

Browse source 
Let's reject address ranges that wrap around the 2^32 mark.
This commit is contained in:
Andreas Kling 2019-12-31 18:23:17 +01:00
parent 903b159856
commit 36f1de3c89
1 changed files with 4 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

4
Kernel/Process.cpp
View file

@ -1971,6 +1971,8 @@ bool Process::validate_read(const void* address, ssize_t size) const
ASSERT(size >= 0); ASSERT(size >= 0);
VirtualAddress first_address((u32)address); VirtualAddress first_address((u32)address);
VirtualAddress last_address = first_address.offset(size - 1); VirtualAddress last_address = first_address.offset(size - 1);
if (last_address < first_address)
return false;
if (is_ring0()) { if (is_ring0()) {
auto kmc_result = check_kernel_memory_access(first_address, false); auto kmc_result = check_kernel_memory_access(first_address, false);
if (kmc_result == KernelMemoryCheckResult::AccessGranted) if (kmc_result == KernelMemoryCheckResult::AccessGranted)
@ -1995,6 +1997,8 @@ bool Process::validate_write(void* address, ssize_t size) const
ASSERT(size >= 0); ASSERT(size >= 0);
VirtualAddress first_address((u32)address); VirtualAddress first_address((u32)address);
VirtualAddress last_address = first_address.offset(size - 1); VirtualAddress last_address = first_address.offset(size - 1);
if (last_address < first_address)
return false;
if (is_ring0()) { if (is_ring0()) {
if (is_kmalloc_address(address)) if (is_kmalloc_address(address))
return true; return true;