RGBCube/serenity
1
Fork 0
mirror of https://github.com/RGBCube/serenity synced 2025-05-31 08:48:11 +00:00
Code Issues Activity Actions

Kernel: Use Userspace<T> for the recvfrom syscall, and Socket implementation

Browse source 
This fixes a bunch of unchecked kernel reads and writes, seems like they
would might exploitable :). Write of sockaddr_in size to any address you
please...
This commit is contained in:
Brian Gianforcaro 2020-08-18 00:25:23 -07:00 committed by Andreas Kling
parent 9f9b05ba0f
commit 8e97de2df9
9 changed files with 43 additions and 30 deletions
Download patch file Download diff file Expand all files Collapse all files

2
Kernel/Net/LocalSocket.cpp
View file

@ -290,7 +290,7 @@ DoubleBuffer& LocalSocket::send_buffer_for(FileDescription& description)
ASSERT_NOT_REACHED();
}
KResultOr<size_t> LocalSocket::recvfrom(FileDescription& description, void* buffer, size_t buffer_size, int, sockaddr*, socklen_t*)
KResultOr<size_t> LocalSocket::recvfrom(FileDescription& description, void* buffer, size_t buffer_size, int, Userspace<sockaddr*>, Userspace<socklen_t*>)
{
auto& buffer_for_me = receive_buffer_for(description);
if (!description.is_blocking()) {