beenull/ladybird
1
0
Fork 0
mirror of https://github.com/LadybirdBrowser/ladybird.git synced 2024-11-26 09:30:24 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 7

Kernel: Fix OOB write in sys$uname

Browse source 
Since this was only out of bounds of the specific field, not of the
whole struct, and because setting the hostname requires root privileges
this was not actually a security vulnerability.
This commit is contained in:
Idan Horowitz 2022-01-13 00:30:58 +02:00 committed by Brian Gianforcaro
parent 50d6a6a186
commit e72bbca9eb
Notes: sideshowbarker 2024-07-17 21:01:05 +09:00 
Author: https://github.com/IdanHo
Commit: https://github.com/SerenityOS/serenity/commit/e72bbca9ebf
Pull-request: https://github.com/SerenityOS/serenity/pull/11848
Reviewed-by: https://github.com/ADKaster
Reviewed-by: https://github.com/bgianfo
1 changed files with 3 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

4
Kernel/Syscalls/uname.cpp
View file

@ -24,7 +24,9 @@ ErrorOr<FlatPtr> Process::sys$uname(Userspace<utsname*> user_buf)
#endif
hostname().with_shared([&](const auto& name) {
memcpy(buf.nodename, name->characters(), name->length() + 1);
auto length = min(name->length(), UTSNAME_ENTRY_LEN - 1);
memcpy(buf.nodename, name->characters(), length);
buf.nodename[length] = '\0';
});
TRY(copy_to_user(user_buf, &buf));