RGBCube/serenity
1
Fork 0
mirror of https://github.com/RGBCube/serenity synced 2025-10-31 19:22:45 +00:00
Code Issues Activity Actions

UserspaceEmulator: Handle overflow in virt$realpath

Browse source
This commit is contained in:
Ben Wiederhake 2020-12-05 23:48:50 +01:00 committed by Andreas Kling
parent 6c2ea4c4e9
commit 88b090a808
1 changed files with 6 additions and 2 deletions
Download patch file Download diff file Expand all files Collapse all files

8
DevTools/UserspaceEmulator/Emulator.cpp
View file

@ -1137,16 +1137,20 @@ int Emulator::virt$realpath(FlatPtr params_addr)
Syscall::SC_realpath_params params;
mmu().copy_from_vm(&params, params_addr, sizeof(params));
if (params.path.length > PATH_MAX) {
return -ENAMETOOLONG;
}
auto path = mmu().copy_buffer_from_vm((FlatPtr)params.path.characters, params.path.length);
char host_buffer[PATH_MAX] = {};
size_t host_buffer_size = min(sizeof(host_buffer), params.buffer.size);
Syscall::SC_realpath_params host_params;
host_params.path = { (const char*)path.data(), path.size() };
host_params.buffer = { host_buffer, sizeof(host_buffer) };
host_params.buffer = { host_buffer, host_buffer_size };
int rc = syscall(SC_realpath, &host_params);
if (rc < 0)
return rc;
mmu().copy_to_vm((FlatPtr)params.buffer.data, host_buffer, min(params.buffer.size, sizeof(host_buffer)));
mmu().copy_to_vm((FlatPtr)params.buffer.data, host_buffer, host_buffer_size);
return rc;
}