RGBCube/serenity
1
Fork 0
mirror of https://github.com/RGBCube/serenity synced 2025-05-21 14:45:07 +00:00
Code Issues Activity Actions

Kernel: Check for off_t overflow before reading/writing InodeFile

Browse source 
Let's double-check before calling the Inode. This way we don't have to
trust every Inode subclass to validate user-supplied inputs.
This commit is contained in:
Andreas Kling 2021-02-03 10:51:37 +01:00
parent 342b787d1c
commit 9f05044c50
1 changed files with 6 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

6
Kernel/FileSystem/InodeFile.cpp
View file

@ -48,6 +48,9 @@ InodeFile::~InodeFile()
KResultOr<size_t> InodeFile::read(FileDescription& description, size_t offset, UserOrKernelBuffer& buffer, size_t count) KResultOr<size_t> InodeFile::read(FileDescription& description, size_t offset, UserOrKernelBuffer& buffer, size_t count)
{ {
if (Checked<off_t>::addition_would_overflow(offset, count))
return EOVERFLOW;
ssize_t nread = m_inode->read_bytes(offset, count, buffer, &description); ssize_t nread = m_inode->read_bytes(offset, count, buffer, &description);
if (nread > 0) { if (nread > 0) {
Thread::current()->did_file_read(nread); Thread::current()->did_file_read(nread);
@ -60,6 +63,9 @@ KResultOr<size_t> InodeFile::read(FileDescription& description, size_t offset, U
KResultOr<size_t> InodeFile::write(FileDescription& description, size_t offset, const UserOrKernelBuffer& data, size_t count) KResultOr<size_t> InodeFile::write(FileDescription& description, size_t offset, const UserOrKernelBuffer& data, size_t count)
{ {
if (Checked<off_t>::addition_would_overflow(offset, count))
return EOVERFLOW;
ssize_t nwritten = m_inode->write_bytes(offset, count, data, &description); ssize_t nwritten = m_inode->write_bytes(offset, count, data, &description);
if (nwritten > 0) { if (nwritten > 0) {
m_inode->set_mtime(kgettimeofday().tv_sec); m_inode->set_mtime(kgettimeofday().tv_sec);