From a62bdb07615dbb4cb675133a84e87444164b99a7 Mon Sep 17 00:00:00 2001
From: Andreas Kling
Date: Sun, 2 Jan 2022 12:51:20 +0100
Subject: [PATCH] Kernel: Delay Process data unprotection in sys$pledge()

Don't unprotect the protected data area until we've validated the pledge syscall inputs.
---
 Kernel/Syscalls/pledge.cpp | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/Kernel/Syscalls/pledge.cpp b/Kernel/Syscalls/pledge.cpp
index 91c7306ad4..47457205e3 100644
--- a/Kernel/Syscalls/pledge.cpp
+++ b/Kernel/Syscalls/pledge.cpp
@@ -42,8 +42,6 @@ ErrorOr Process::sys$pledge(Userspace
 return true;
 };
 
- ProtectedDataMutationScope scope { *this };
-
 u32 new_promises = 0;
 if (promises) {
 if (!parse_pledge(promises->view(), new_promises))
@@ -65,6 +63,8 @@ ErrorOr Process::sys$pledge(Userspace
 // erroring out when parsing the exec promises later. Such bugs silently
 // leave the caller in an unexpected state.
 
+ ProtectedDataMutationScope scope { *this };
+
 if (promises) {
 m_protected_values.has_promises = true;
 m_protected_values.promises = new_promises;
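Review bot: The new position of `ProtectedDataMutationScope scope { *this };` in the second hunk encodes an invariant the code does not state: every check that can reject the syscall input (the `parse_pledge` EINVAL path visible in the first hunk, and presumably the execpromises parsing the preceding comment refers to) must stay above this line, otherwise the protected region is writable again while untrusted input is still being rejected and the window this commit narrows reopens. A one-line comment directly above the scope would keep a later refactor from sliding validation back below it: `// Unprotect the process data only now that every promise string has been validated; keep all early returns above this line.` The body of sys$pledge continues between and after both hunks, so I could not confirm that no other fallible check sits between the `new_promises` parsing and this point; if a check against the already-pledged set lives there, it belongs above the scope for the same reason.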