Kernel: Avoid casting arbitrary user-controlled int to enum

This caused a load-invalid-value warning by KUBSan. Found by fuzz-syscalls. Can be reproduced by running this in the Shell: $ syscall waitid [ 1234 ]
Author: https://github.com/BenWiederhake Commit: https://github.com/SerenityOS/serenity/commit/e1db8094b61 Pull-request: https://github.com/SerenityOS/serenity/pull/5294
2024-12-04 05:20:30 +00:00 · 2021-02-12 18:23:28 +01:00 · 2021-02-12 18:23:28 +01:00 · e1db8094b6 · 2024-07-18 22:22:51 +09:00
commit e1db8094b6
parent 9452281bec
1 changed files with 9 additions and 9 deletions
--- a/Kernel/Syscalls/waitid.cpp
+++ b/Kernel/Syscalls/waitid.cpp
@ -31,15 +31,6 @@ namespace Kernel {

 KResultOr<siginfo_t> Process::do_waitid(idtype_t idtype, int id, int options)
 {
-    switch (idtype) {
-    case P_ALL:
-    case P_PID:
-    case P_PGID:
-        break;
-    default:
-        return EINVAL;
-    }
-
    KResultOr<siginfo_t> result = KResult(KSuccess);
    if (Thread::current()->block<Thread::WaitBlocker>({}, options, idtype, id, result).was_interrupted())
        return EINTR;
@ -55,6 +46,15 @@ pid_t Process::sys$waitid(Userspace<const Syscall::SC_waitid_params*> user_param
    if (!copy_from_user(&params, user_params))
        return -EFAULT;

+    switch (params.idtype) {
+    case P_ALL:
+    case P_PID:
+    case P_PGID:
+        break;
+    default:
+        return EINVAL;
+    }
+
    dbgln_if(PROCESS_DEBUG, "sys$waitid({}, {}, {}, {})", params.idtype, params.id, params.infop, params.options);

    auto siginfo_or_error = do_waitid(static_cast<idtype_t>(params.idtype), params.id, params.options);