[haiku-commits] r33570 - haiku/trunk/src/system/kernel/fs

• From: axeld@xxxxxxxxxxxxxxxx
• To: haiku-commits@xxxxxxxxxxxxx
• Date: Tue, 13 Oct 2009 09:19:18 +0200 (CEST)

Author: axeld
Date: 2009-10-13 09:19:18 +0200 (Tue, 13 Oct 2009)
New Revision: 33570
Changeset: http://dev.haiku-os.org/changeset/33570/haiku

Modified:
   haiku/trunk/src/system/kernel/fs/socket.cpp
Log:
* The network syscalls now check if you try to pass a non-userland address to
  them (which you previously could use to easily crash/take over Haiku).


Modified: haiku/trunk/src/system/kernel/fs/socket.cpp
===================================================================
--- haiku/trunk/src/system/kernel/fs/socket.cpp 2009-10-13 07:17:34 UTC (rev 
33569)
+++ haiku/trunk/src/system/kernel/fs/socket.cpp 2009-10-13 07:19:18 UTC (rev 
33570)
@@ -5,6 +5,7 @@
  * Distributed under the terms of the MIT License.
  */
 
+
 #include <sys/socket.h>
 
 #include <errno.h>
@@ -166,7 +167,7 @@
                vecsDeleter.SetTo(vecs);
 
                if (!IS_USER_ADDRESS(message.msg_iov)
-                               || user_memcpy(vecs, message.msg_iov,
+                       || user_memcpy(vecs, message.msg_iov,
                                        message.msg_iovlen * sizeof(iovec)) != 
B_OK) {
                        return B_BAD_ADDRESS;
                }
@@ -913,6 +914,9 @@
 ssize_t
 _user_recv(int socket, void *data, size_t length, int flags)
 {
+       if (data == NULL || !IS_USER_ADDRESS(data))
+               return B_BAD_ADDRESS;
+
        SyscallRestartWrapper<ssize_t> result;
        return result = common_recv(socket, data, length, flags, false);
 }
@@ -922,6 +926,9 @@
 _user_recvfrom(int socket, void *data, size_t length, int flags,
        struct sockaddr *userAddress, socklen_t *_addressLength)
 {
+       if (data == NULL || !IS_USER_ADDRESS(data))
+               return B_BAD_ADDRESS;
+
        // check parameters
        socklen_t addressLength = 0;
        status_t error = prepare_userland_address_result(userAddress,
@@ -1010,6 +1017,9 @@
 ssize_t
 _user_send(int socket, const void *data, size_t length, int flags)
 {
+       if (data == NULL || !IS_USER_ADDRESS(data))
+               return B_BAD_ADDRESS;
+
        SyscallRestartWrapper<ssize_t> result;
        return result = common_send(socket, data, length, flags, false);
 }
@@ -1019,8 +1029,11 @@
 _user_sendto(int socket, const void *data, size_t length, int flags,
        const struct sockaddr *userAddress, socklen_t addressLength)
 {
-// TODO: If this is a connection-mode socket, the address parameter is
-// supposed to be ignored.
+       if (data == NULL || !IS_USER_ADDRESS(data))
+               return B_BAD_ADDRESS;
+
+       // TODO: If this is a connection-mode socket, the address parameter is
+       // supposed to be ignored.
        if (userAddress == NULL || addressLength <= 0
                        || addressLength > MAX_SOCKET_ADDRESS_LENGTH) {
                return B_BAD_VALUE;

Other related posts:

• » [haiku-commits] r33570 - haiku/trunk/src/system/kernel/fs - axeld

1. Home
2. haiku-commits
3. Archive
4. 10-2009

---

• » Previous by Date
• » Next by Date
• » Related Posts
• » View list details
• » Manage your subscription

---