mirror of
https://github.com/LadybirdBrowser/ladybird.git
synced 2024-09-21 02:08:12 +03:00
Kernel: Prevent inconsistent state after invalid read
copy_from_user can fail, for example when the user-supplied pointer is just before the end of mapped address space. In that case, the first few bytes would get copied, permanently overwriting the internal state of the Socket, potentially leaving it in an inconsistent or at least difficult-to-predict state.
This commit is contained in:
parent
b7c5d977c7
commit
b374dd03bd
Notes:
sideshowbarker
2024-07-18 21:48:22 +09:00
Author: https://github.com/BenWiederhake Commit: https://github.com/SerenityOS/serenity/commit/b374dd03bdc Pull-request: https://github.com/SerenityOS/serenity/pull/5323 Reviewed-by: https://github.com/ADKaster Reviewed-by: https://github.com/awesomekling Reviewed-by: https://github.com/bgianfo
@ -134,8 +134,12 @@ KResult Socket::setsockopt(int level, int option, Userspace<const void*> user_va
|
||||
case SO_TIMESTAMP:
|
||||
if (user_value_size != sizeof(int))
|
||||
return EINVAL;
|
||||
if (!copy_from_user(&m_timestamp, static_ptr_cast<const int*>(user_value)))
|
||||
return EFAULT;
|
||||
{
|
||||
int timestamp;
|
||||
if (!copy_from_user(×tamp, static_ptr_cast<const int*>(user_value)))
|
||||
return EFAULT;
|
||||
m_timestamp = timestamp;
|
||||
}
|
||||
if (m_timestamp && (domain() != AF_INET || type() == SOCK_STREAM)) {
|
||||
// FIXME: Support SO_TIMESTAMP for more protocols?
|
||||
m_timestamp = 0;
|
||||
|
Loading…
Reference in New Issue
Block a user