[haiku-commits] haiku: hrev51746 - src/add-ons/kernel/drivers/common

  • From: jerome.duval@xxxxxxxxx
  • To: haiku-commits@xxxxxxxxxxxxx
  • Date: Wed, 10 Jan 2018 14:09:07 -0500 (EST)

hrev51746 adds 1 changeset to branch 'master'
old head: a31e05bb68356270b1c0d05d684c62a9b29f51c3
new head: d9e4ef3f76300a41b06f9e419a516bc0ef613812
overview: 
http://cgit.haiku-os.org/haiku/log/?qt=range&q=d9e4ef3f7630+%5Ea31e05bb6835

----------------------------------------------------------------------------

d9e4ef3f7630: dprintf: use user_memcpy/user_strlcpy to read the user buffer.
  
  * also check the user buffer address.

                                   [ Jérôme Duval <jerome.duval@xxxxxxxxx> ]

----------------------------------------------------------------------------

Revision:    hrev51746
Commit:      d9e4ef3f76300a41b06f9e419a516bc0ef613812
URL:         http://cgit.haiku-os.org/haiku/commit/?id=d9e4ef3f7630
Author:      Jérôme Duval <jerome.duval@xxxxxxxxx>
Date:        Mon Jan  8 20:36:25 2018 UTC

----------------------------------------------------------------------------

1 file changed, 11 insertions(+), 2 deletions(-)
src/add-ons/kernel/drivers/common/dprintf.cpp | 13 +++++++++++--

----------------------------------------------------------------------------

diff --git a/src/add-ons/kernel/drivers/common/dprintf.cpp 
b/src/add-ons/kernel/drivers/common/dprintf.cpp
index 612a2b1e8f..1addfa201b 100644
--- a/src/add-ons/kernel/drivers/common/dprintf.cpp
+++ b/src/add-ons/kernel/drivers/common/dprintf.cpp
@@ -11,6 +11,7 @@
 
 
 #include <debug.h>
+#include <kernel.h>
 
 #include <Drivers.h>
 #include <KernelExport.h>
@@ -70,11 +71,19 @@ dprintf_read(void *cookie, off_t pos, void *buffer, size_t 
*length)
 static status_t
 dprintf_write(void *cookie, off_t pos, const void *buffer, size_t *_length)
 {
+       if (!IS_USER_ADDRESS(buffer))
+               return B_BAD_ADDRESS;
        const char *str = (const char*)buffer;
 
        int bytesLeft = *_length;
        while (bytesLeft > 0) {
-               int chunkSize = strnlen(str, bytesLeft);
+               ssize_t size = user_strlcpy(NULL, str, 0);
+                       // there's no user_strnlen()
+               if (size < 0)
+                       return 0;
+               int chunkSize = min_c(bytesLeft, (int)size);
+               // int chunkSize = strnlen(str, bytesLeft);
+
                if (chunkSize == 0) {
                        // null bytes -- skip
                        str++;
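Review bot: The fault path `if (size < 0) return 0;` reports success, since 0 is B_OK, so a caller whose buffer faults during the scan is told the write worked; as far as the visible lines show, `*_length` is not adjusted either. Returning `B_BAD_ADDRESS` there would match the new `IS_USER_ADDRESS` guard at the top of the function. That guard tests only the first byte of the buffer, and `user_strlcpy(NULL, str, 0)` is not limited by `bytesLeft`, so the length scan can run past the caller's range until it meets a NUL or faults. Validating the end of the range as well, or measuring through a bounded local copy, would keep the read inside what the caller passed. The commented-out `// int chunkSize = strnlen(str, bytesLeft);` line can be dropped; the body of dprintf_write continues outside this hunk.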
@@ -91,7 +100,7 @@ dprintf_write(void *cookie, off_t pos, const void *buffer, 
size_t *_length)
                                char localBuffer[512];
                                if (bytesLeft > (int)sizeof(localBuffer) - 1)
                                        chunkSize = (int)sizeof(localBuffer) - 
1;
-                               memcpy(localBuffer, str, chunkSize);
+                               user_memcpy(localBuffer, str, chunkSize);
                                localBuffer[chunkSize] = '\0';
 
                                debug_puts(localBuffer, chunkSize);
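Review bot: The result of `user_memcpy(localBuffer, str, chunkSize)` is discarded, so if the copy faults, `localBuffer` (declared without an initializer) still holds whatever was on the kernel stack when it is terminated and passed to `debug_puts`, and that content ends up in the debug output. Check the copy before using the buffer: `if (user_memcpy(localBuffer, str, chunkSize) < B_OK) return B_BAD_ADDRESS;`. The enclosing loop starts and ends outside the hunk. Any branch there that still hands `str` straight to `debug_puts` would need the same copy-first treatment, which cannot be confirmed from the lines shown.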

