LadybirdBrowser/ladybird
1
1
Fork 0
mirror of https://github.com/LadybirdBrowser/ladybird.git synced 2024-09-21 02:08:12 +03:00
Code Issues Packages Projects Releases Wiki Activity

Kernel: Prevent inconsistent state after invalid read

Browse Source 
copy_from_user can fail, for example when the user-supplied pointer is just before
the end of mapped address space. In that case, the first few bytes would get copied,
permanently overwriting the internal state of the Socket, potentially leaving it
in an inconsistent or at least difficult-to-predict state.
This commit is contained in:
Ben Wiederhake 2021-02-21 20:03:44 +01:00 committed by Andreas Kling
parent b7c5d977c7
commit b374dd03bd
Notes: sideshowbarker 2024-07-18 21:48:22 +09:00 
Author: https://github.com/BenWiederhake
Commit: https://github.com/SerenityOS/serenity/commit/b374dd03bdc
Pull-request: https://github.com/SerenityOS/serenity/pull/5323
Reviewed-by: https://github.com/ADKaster
Reviewed-by: https://github.com/awesomekling
Reviewed-by: https://github.com/bgianfo
1 changed files with 6 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
Kernel/Net/Socket.cpp
View File

@ -134,8 +134,12 @@ KResult Socket::setsockopt(int level, int option, Userspace<const void*> user_va
case SO_TIMESTAMP:
if (user_value_size != sizeof(int))
return EINVAL;
if (!copy_from_user(&m_timestamp, static_ptr_cast<const int*>(user_value)))
return EFAULT;
{
int timestamp;
if (!copy_from_user(&timestamp, static_ptr_cast<const int*>(user_value)))
return EFAULT;
m_timestamp = timestamp;
}
if (m_timestamp && (domain() != AF_INET || type() == SOCK_STREAM)) {
// FIXME: Support SO_TIMESTAMP for more protocols?
m_timestamp = 0;