add bounds check to prevent memory corruption and integer overflow

This change adds a bounds check so that userland cannot overflow a kernel stack buffer. The check also prevents an integer overflow from occurring.
Ilja van Sprundel 2019-10-05 21:56:07 +02:00 committed by GitHub
parent 02d84e8433
commit 439ac04a65
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23


@ -412,6 +412,9 @@ int do_vsafecopy(struct proc * caller, message * m_ptr)
/* No. of vector elements. */
els = m_ptr->m_lsys_kern_vsafecopy.vec_size;
if (els > SCPVEC_NR) {
return EINVAL;
}
bytes = els * sizeof(struct vscp_vec);
/* Obtain vector of copies. */
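Review bot: The new guard `if (els > SCPVEC_NR)` checks only the upper bound, so if `els` is a signed type (its declaration is outside the hunk) a negative `vec_size` supplied by the caller still passes. In that case `bytes = els * sizeof(struct vscp_vec)` converts the negative count to a very large unsigned size, which is the condition the commit sets out to prevent. Rejecting both ends with `if (els < 0 || els > SCPVEC_NR) {` would close that case, as would reading the count into an unsigned variable before the comparison. The body of do_vsafecopy starts and ends outside the hunk, so whether `bytes` is validated again before the copy cannot be confirmed from here.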