From 38c4c8bfa9c2efdb308af4a0a7e6ad2a3831d204 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Fran=C3=A7ois=20Revol?= <revol@free.fr>
Date: Thu, 21 Feb 2019 03:13:24 +0100
Subject: [PATCH] kernel: fix mount arguments checks from userland

Since NULL is not considered a user address anymore, we must check for
it first.

This fixes the "mount: Bad address" error after hrev52905.

Change-Id: If60ea58bb81b6c35c6bf27ecfa9b29bd7a25d8aa
---
 src/system/kernel/fs/vfs.cpp | 10 +++++++---
 1 file changed, 7 insertions(+), 3 deletions(-)

diff --git a/src/system/kernel/fs/vfs.cpp b/src/system/kernel/fs/vfs.cpp
index 71657ae439..405b5832fe 100644
--- a/src/system/kernel/fs/vfs.cpp
+++ b/src/system/kernel/fs/vfs.cpp
@@ -8789,9 +8789,7 @@ _user_mount(const char* userPath, const char* userDevice,
 	char* args = NULL;
 	status_t status;
 
-	if (!IS_USER_ADDRESS(userPath)
-		|| !IS_USER_ADDRESS(userFileSystem)
-		|| !IS_USER_ADDRESS(userDevice))
+	if (!IS_USER_ADDRESS(userPath))
 		return B_BAD_ADDRESS;
 
 	if (path.InitCheck() != B_OK || device.InitCheck() != B_OK)
@@ -8803,12 +8801,18 @@ _user_mount(const char* userPath, const char* userDevice,
 		return status;
 
 	if (userFileSystem != NULL) {
+		if (!IS_USER_ADDRESS(userFileSystem))
+			return B_BAD_ADDRESS;
+
 		status = user_copy_name(fileSystem, userFileSystem, sizeof(fileSystem));
 		if (status != B_OK)
 			return status;
 	}
 
 	if (userDevice != NULL) {
+		if (!IS_USER_ADDRESS(userDevice))
+			return B_BAD_ADDRESS;
+
 		status = user_copy_name(device.LockBuffer(), userDevice,
 			B_PATH_NAME_LENGTH);
 		if (status != B_OK)