Kernel: Harden sys$execve Vector usage against OOM.

Author: https://github.com/bgianfo Commit: https://github.com/SerenityOS/serenity/commit/119b7be2499 Pull-request: https://github.com/SerenityOS/serenity/pull/6733
2024-11-11 01:06:01 +03:00 · 2021-04-29 01:40:19 -07:00 · 2021-04-29 01:40:19 -07:00 · 119b7be249 · 2024-07-18 18:54:07 +09:00
commit 119b7be249
parent 454d2fd42a
1 changed files with 8 additions and 4 deletions
--- a/Kernel/Syscalls/execve.cpp
+++ b/Kernel/Syscalls/execve.cpp
@ -96,13 +96,15 @@ static KResultOr<FlatPtr> make_userspace_stack_for_main_thread(Region& region, V
    Vector<FlatPtr> argv_entries;
    for (auto& argument : arguments) {
        push_string_on_new_stack(argument);
-        argv_entries.append(new_esp);
+        if (!argv_entries.try_append(new_esp))
+            return ENOMEM;
    }

    Vector<FlatPtr> env_entries;
    for (auto& variable : environment) {
        push_string_on_new_stack(variable);
-        env_entries.append(new_esp);
+        if (!env_entries.try_append(new_esp))
+            return ENOMEM;
    }

    for (auto& value : auxiliary_values) {
@ -912,14 +914,16 @@ KResultOr<int> Process::sys$execve(Userspace<const Syscall::SC_execve_params*> u
        if (size.has_overflow())
            return false;
        Vector<Syscall::StringArgument, 32> strings;
-        strings.resize(list.length);
+        if (!strings.try_resize(list.length))
+            return false;
        if (!copy_from_user(strings.data(), list.strings, list.length * sizeof(*list.strings)))
            return false;
        for (size_t i = 0; i < list.length; ++i) {
            auto string = copy_string_from_user(strings[i]);
            if (string.is_null())
                return false;
-            output.append(move(string));
+            if (!output.try_append(move(string)))
+                return false;
        }
        return true;
    };