ladybird/Kernel/Syscalls/uname.cpp
Idan Horowitz e72bbca9eb Kernel: Fix OOB write in sys$uname
Since this was only out of bounds of the specific field, not of the
whole struct, and because setting the hostname requires root privileges
this was not actually a security vulnerability.
2022-01-13 00:20:08 -08:00

36 lines
834 B
C++

/*
* Copyright (c) 2018-2020, Andreas Kling <kling@serenityos.org>
*
* SPDX-License-Identifier: BSD-2-Clause
*/
#include <Kernel/Process.h>
namespace Kernel {
ErrorOr<FlatPtr> Process::sys$uname(Userspace<utsname*> user_buf)
{
VERIFY_NO_PROCESS_BIG_LOCK(this)
TRY(require_promise(Pledge::stdio));
utsname buf {};
memcpy(buf.sysname, "SerenityOS", 11);
memcpy(buf.release, "1.0-dev", 8);
memcpy(buf.version, "FIXME", 6);
#if ARCH(I386)
memcpy(buf.machine, "i686", 5);
#else
memcpy(buf.machine, "x86_64", 7);
#endif
hostname().with_shared([&](const auto& name) {
auto length = min(name->length(), UTSNAME_ENTRY_LEN - 1);
memcpy(buf.nodename, name->characters(), length);
buf.nodename[length] = '\0';
});
TRY(copy_to_user(user_buf, &buf));
return 0;
}
}