RGBCube/serenity
1
Fork 0
mirror of https://github.com/RGBCube/serenity synced 2025-07-26 05:47:34 +00:00
Code Issues Activity Actions

Kernel: Add the auxiliary vector to the stack size validation

Browse source 
This patch validates that the size of the auxiliary vector does not
exceed `Process::max_auxiliary_size`. The auxiliary vector is a range
of memory in userspace stack where the kernel can pass information to
the process that will be created via `Process:do_exec`.

The reason the kernel needs to validate its size is that the about to
be created process needs to have remaining space on the stack.
Previously only `argv` and `envp` were taken into account for the
size validation, with this patch, the size of `auxv` is also
checked. All three elements contain values that a user (or an
attacker) can specify.

This patch adds the constant `Process::max_auxiliary_size` which is
defined to be one eight of the user-space stack size. This is the
approach taken by `Process:max_arguments_size` and
`Process::max_environment_size` which are used to check the sizes
of `argv` and `envp`.
This commit is contained in:
Agustin Gianni 2022-12-05 15:12:48 +01:00 committed by Linus Groh
parent e6a8bd1058
commit ac40090583
2 changed files with 18 additions and 6 deletions
Download patch file Download diff file Expand all files Collapse all files

1
Kernel/Process.h
View file

@ -466,6 +466,7 @@ public:
static constexpr size_t max_arguments_size = Thread::default_userspace_stack_size / 8;
static constexpr size_t max_environment_size = Thread::default_userspace_stack_size / 8;
static constexpr size_t max_auxiliary_size = Thread::default_userspace_stack_size / 8;
NonnullOwnPtrVector<KString> const& arguments() const { return m_arguments; };
NonnullOwnPtrVector<KString> const& environment() const { return m_environment; };