From b374dd03bdcd6608dbf8ed0b5ef4af3b2bf3845c Mon Sep 17 00:00:00 2001
From: Ben Wiederhake
Date: Sun, 21 Feb 2021 20:03:44 +0100
Subject: [PATCH] Kernel: Prevent inconsistent state after invalid read
copy_from_user can fail, for example when the user-supplied pointer is just before the end of mapped address space. In that case, the first few bytes would get copied, permanently overwriting the internal state of the Socket, potentially leaving it in an inconsistent or at least difficult-to-predict state.
---
Kernel/Net/Socket.cpp | 8 ++++++--
1 file changed, 6 insertions(+), 2 deletions(-)
diff --git a/Kernel/Net/Socket.cpp b/Kernel/Net/Socket.cpp
index aeacd3b1fd..a51e092a2a 100644
--- a/Kernel/Net/Socket.cpp
+++ b/Kernel/Net/Socket.cpp
@@ -134,8 +134,12 @@ KResult Socket::setsockopt(int level, int option, Userspace user_va
 case SO_TIMESTAMP:
 if (user_value_size != sizeof(int))
 return EINVAL;
- if (!copy_from_user(&m_timestamp, static_ptr_cast(user_value)))
- return EFAULT;
+ {
+ int timestamp;
+ if (!copy_from_user(×tamp, static_ptr_cast(user_value)))
+ return EFAULT;
+ m_timestamp = timestamp;
+ }
 if (m_timestamp && (domain() != AF_INET || type() == SOCK_STREAM)) {
 // FIXME: Support SO_TIMESTAMP for more protocols?
 m_timestamp = 0;
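Review bot: The detour through the local on the `int timestamp;` and `m_timestamp = timestamp;` lines is the entire fix, yet nothing in the code records why, so a later cleanup could plausibly fold it back into a direct `copy_from_user(&m_timestamp, ...)` and silently reintroduce the partial-write problem; add `// Copy into a local first: copy_from_user can fail after partially writing its destination.` above `int timestamp;`. If the other options handled in this switch, which lie outside the hunk, still copy straight into socket members, the same hazard presumably applies to them and deserves the same treatment. Socket::setsockopt begins before the hunk and continues past its last line. The `×tamp` in the added copy_from_user call looks like an extraction artifact for `&timestamp` rather than something in the patch itself.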