RGBCube/serenity
1
Fork 0
mirror of https://github.com/RGBCube/serenity synced 2025-07-25 14:47:44 +00:00
Code Issues Activity Actions

Kernel: Sanitize all user-supplied timeval's/timespec's

Browse source 
This also removes a bunch of unnecessary EINVAL. Most of them weren't even
recommended by POSIX.
This commit is contained in:
Ben Wiederhake 2021-02-21 20:28:20 +01:00 committed by Andreas Kling
parent 649abc01bc
commit 8598240193
4 changed files with 42 additions and 28 deletions
Download patch file Download diff file Expand all files Collapse all files

13
Kernel/Syscalls/select.cpp
View file

@ -45,9 +45,11 @@ KResultOr<int> Process::sys$select(Userspace<const Syscall::SC_select_params*> u
Thread::BlockTimeout timeout;
if (params.timeout) {
timespec timeout_copy;
if (!copy_from_user(&timeout_copy, params.timeout))
Optional<Time> timeout_time = copy_time_from_user(params.timeout);
if (!timeout_time.has_value())
return EFAULT;
auto timeout_copy = timeout_time->to_timespec();
// FIXME: Should use AK::Time internally
timeout = Thread::BlockTimeout(false, &timeout_copy);
}
@ -142,7 +144,6 @@ KResultOr<int> Process::sys$poll(Userspace<const Syscall::SC_poll_params*> user_
{
REQUIRE_PROMISE(stdio);
// FIXME: Return -EINVAL if timeout is invalid.
Syscall::SC_poll_params params;
if (!copy_from_user(&params, user_params))
return EFAULT;
@ -152,9 +153,11 @@ KResultOr<int> Process::sys$poll(Userspace<const Syscall::SC_poll_params*> user_
Thread::BlockTimeout timeout;
if (params.timeout) {
timespec timeout_copy;
if (!copy_from_user(&timeout_copy, params.timeout))
auto timeout_time = copy_time_from_user(params.timeout);
if (!timeout_time.has_value())
return EFAULT;
timespec timeout_copy = timeout_time->to_timespec();
// FIXME: Should use AK::Time internally
timeout = Thread::BlockTimeout(false, &timeout_copy);
}