RGBCube/serenity
1
Fork 0
mirror of https://github.com/RGBCube/serenity synced 2025-07-25 16:27:35 +00:00
Code Issues Activity Actions

Kernel: Avoid casting arbitrary user-controlled int to enum

Browse source 
This caused a load-invalid-value warning by KUBSan.

Found by fuzz-syscalls. Can be reproduced by running this in the Shell:

    $ syscall waitid [ 1234 ]
This commit is contained in:
Ben Wiederhake 2021-02-12 18:23:28 +01:00 committed by Andreas Kling
parent 9452281bec
commit e1db8094b6
1 changed files with 9 additions and 9 deletions
Download patch file Download diff file Expand all files Collapse all files

18
Kernel/Syscalls/waitid.cpp
View file

@ -31,15 +31,6 @@ namespace Kernel {
KResultOr<siginfo_t> Process::do_waitid(idtype_t idtype, int id, int options) KResultOr<siginfo_t> Process::do_waitid(idtype_t idtype, int id, int options)
{ {
switch (idtype) {
case P_ALL:
case P_PID:
case P_PGID:
break;
default:
return EINVAL;
}
KResultOr<siginfo_t> result = KResult(KSuccess); KResultOr<siginfo_t> result = KResult(KSuccess);
if (Thread::current()->block<Thread::WaitBlocker>({}, options, idtype, id, result).was_interrupted()) if (Thread::current()->block<Thread::WaitBlocker>({}, options, idtype, id, result).was_interrupted())
return EINTR; return EINTR;
@ -55,6 +46,15 @@ pid_t Process::sys$waitid(Userspace<const Syscall::SC_waitid_params*> user_param
if (!copy_from_user(&params, user_params)) if (!copy_from_user(&params, user_params))
return -EFAULT; return -EFAULT;
switch (params.idtype) {
case P_ALL:
case P_PID:
case P_PGID:
break;
default:
return EINVAL;
}
dbgln_if(PROCESS_DEBUG, "sys$waitid({}, {}, {}, {})", params.idtype, params.id, params.infop, params.options); dbgln_if(PROCESS_DEBUG, "sys$waitid({}, {}, {}, {})", params.idtype, params.id, params.infop, params.options);
auto siginfo_or_error = do_waitid(static_cast<idtype_t>(params.idtype), params.id, params.options); auto siginfo_or_error = do_waitid(static_cast<idtype_t>(params.idtype), params.id, params.options);