RGBCube/serenity
1
Fork 0
mirror of https://github.com/RGBCube/serenity synced 2025-05-22 16:15:08 +00:00
Code Issues Activity Actions

Kernel: Don't ignore validation result in ptrace(PT_PEEK)

Browse source 
Also mark all of the address validation functions [[nodiscard]] to turn
this kind of bug into a compile error in the future.
This commit is contained in:
Andreas Kling 2020-04-13 22:40:38 +02:00
parent e432a27676
commit c8edcf1d71
2 changed files with 12 additions and 11 deletions
Download patch file Download diff file Expand all files Collapse all files

20
Kernel/Process.h
View file

@ -326,14 +326,14 @@ public:
u32 m_ticks_in_user_for_dead_children { 0 }; u32 m_ticks_in_user_for_dead_children { 0 };
u32 m_ticks_in_kernel_for_dead_children { 0 }; u32 m_ticks_in_kernel_for_dead_children { 0 };
bool validate_read_from_kernel(VirtualAddress, size_t) const; [[nodiscard]] bool validate_read_from_kernel(VirtualAddress, size_t) const;
bool validate_read(const void*, size_t) const; [[nodiscard]] bool validate_read(const void*, size_t) const;
bool validate_write(void*, size_t) const; [[nodiscard]] bool validate_write(void*, size_t) const;
template<typename T> template<typename T>
bool validate_read_typed(T* value, size_t count = 1) { return validate_read(value, sizeof(T) * count); } [[nodiscard]] bool validate_read_typed(T* value, size_t count = 1) { return validate_read(value, sizeof(T) * count); }
template<typename T> template<typename T>
bool validate_read_and_copy_typed(T* dest, const T* src) [[nodiscard]] bool validate_read_and_copy_typed(T* dest, const T* src)
{ {
bool validated = validate_read_typed(src); bool validated = validate_read_typed(src);
if (validated) { if (validated) {
@ -342,14 +342,14 @@ public:
return validated; return validated;
} }
template<typename T> template<typename T>
bool validate_write_typed(T* value, size_t count = 1) { return validate_write(value, sizeof(T) * count); } [[nodiscard]] bool validate_write_typed(T* value, size_t count = 1) { return validate_write(value, sizeof(T) * count); }
template<typename DataType, typename SizeType> template<typename DataType, typename SizeType>
bool validate(const Syscall::MutableBufferArgument<DataType, SizeType>&); [[nodiscard]] bool validate(const Syscall::MutableBufferArgument<DataType, SizeType>&);
template<typename DataType, typename SizeType> template<typename DataType, typename SizeType>
bool validate(const Syscall::ImmutableBufferArgument<DataType, SizeType>&); [[nodiscard]] bool validate(const Syscall::ImmutableBufferArgument<DataType, SizeType>&);
String validate_and_copy_string_from_user(const char*, size_t) const; [[nodiscard]] String validate_and_copy_string_from_user(const char*, size_t) const;
String validate_and_copy_string_from_user(const Syscall::StringArgument&) const; [[nodiscard]] String validate_and_copy_string_from_user(const Syscall::StringArgument&) const;
Custody& current_directory(); Custody& current_directory();
Custody* executable() { return m_executable.ptr(); } Custody* executable() { return m_executable.ptr(); }

3
Kernel/Ptrace.cpp
View file

@ -113,7 +113,8 @@ KResultOr<u32> handle_syscall(const Kernel::Syscall::SC_ptrace_params& params, P
auto result = peer->process().peek_user_data(peek_params.address); auto result = peer->process().peek_user_data(peek_params.address);
if (result.is_error()) if (result.is_error())
return -EFAULT; return -EFAULT;
peer->process().validate_write(peek_params.out_data, sizeof(u32)); if (!peer->process().validate_write(peek_params.out_data, sizeof(u32)))
return -EFAULT;
copy_from_user(peek_params.out_data, &result.value()); copy_from_user(peek_params.out_data, &result.value());
break; break;
} }