hrev54878 adds 1 changeset to branch 'master'
old head: 7f9c675629bce77e811e6bf4dad38f0ea06a8bd5
new head: b181ea960ca3845d9d9b3baf0f87fcd353b8ece4
overview:
https://git.haiku-os.org/haiku/log/?qt=range&q=b181ea960ca3+%5E7f9c675629bc
----------------------------------------------------------------------------
b181ea960ca3: xsi_semget: fix possible way to crash the kernel
I don't know if the behavior makes sense, but anything is better than a
kernel crash. The ticket is an example calling the syscall directly,
so there is no user-oriented guarantee on how we behave here.
Fixes #16741.
Change-Id: I803596004d005c8c0e058c5422c4b0f7c78cfad8
Reviewed-on: https://review.haiku-os.org/c/haiku/+/3623
Reviewed-by: Rene Gollent <rene@xxxxxxxxxxx>
[ Adrien Destugues <adrien.destugues@xxxxxxxxxxxxxxxxxxxxx> ]
----------------------------------------------------------------------------
Revision: hrev54878
Commit: b181ea960ca3845d9d9b3baf0f87fcd353b8ece4
URL: https://git.haiku-os.org/haiku/commit/?id=b181ea960ca3
Author: Adrien Destugues <adrien.destugues@xxxxxxxxxxxxxxxxxxxxx>
Date: Sun Jan 10 19:30:58 2021 UTC
Committer: waddlesplash <waddlesplash@xxxxxxxxx>
Commit-Date: Sun Jan 10 22:08:33 2021 UTC
Ticket: https://dev.haiku-os.org/ticket/16741
----------------------------------------------------------------------------
1 file changed, 6 insertions(+), 1 deletion(-)
src/system/kernel/posix/xsi_semaphore.cpp | 7 ++++++-
----------------------------------------------------------------------------
diff --git a/src/system/kernel/posix/xsi_semaphore.cpp
b/src/system/kernel/posix/xsi_semaphore.cpp
index a52028dc8c..24b47db5ab 100644
--- a/src/system/kernel/posix/xsi_semaphore.cpp
+++ b/src/system/kernel/posix/xsi_semaphore.cpp
@@ -771,7 +771,12 @@ _user_xsi_semget(key_t key, int numberOfSemaphores, int
flags)
MutexLocker _(sXsiSemaphoreSetLock);
semaphoreSet =
sSemaphoreHashTable.Lookup(semaphoreSetID);
- if (semaphoreSet == NULL ||
!semaphoreSet->HasPermission()) {
+ if (semaphoreSet == NULL) {
+ TRACE_ERROR(("xsi_semget: calling process has
no semaphore, "
+ "key %d\n", (int)key));
+ return EINVAL;
+ }
+ if (!semaphoreSet->HasPermission()) {
TRACE_ERROR(("xsi_semget: calling process has
no permission "
"on semaphore %d, key %d\n",
semaphoreSet->ID(),
(int)key));
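Review bot: In the new `semaphoreSet == NULL` branch, the trace message reports only `key`, not the `semaphoreSetID` that was passed to `sSemaphoreHashTable.Lookup()`, so the log does not identify which lookup failed. The wording "calling process has no semaphore" also reads like a permission problem rather than a failed lookup. Consider wording it as "no semaphore set found for id" and printing `semaphoreSetID` alongside the key. The choice of `EINVAL` is undocumented at this point as well. Since the commit message itself is unsure whether the behaviour makes sense, a short comment above the check should say when the lookup can return NULL for a key that got this far, and why `EINVAL` is the error returned.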