From b68d872bdbfe1d2442f1191ac48e8fd8daf9e856 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?J=C3=A9r=C3=B4me=20Duval?= <jerome.duval@gmail.com>
Date: Sat, 6 Jan 2018 16:04:45 +0100
Subject: [PATCH] kernel: apm: check buffer parameter in apm_control syscall

---
 src/system/kernel/arch/x86/32/apm.cpp | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/src/system/kernel/arch/x86/32/apm.cpp b/src/system/kernel/arch/x86/32/apm.cpp
index c5174485da..23f21f9c04 100644
--- a/src/system/kernel/arch/x86/32/apm.cpp
+++ b/src/system/kernel/arch/x86/32/apm.cpp
@@ -9,6 +9,7 @@
 #include <apm.h>
 #include <descriptors.h>
 #include <generic_syscall.h>
+#include <kernel.h>
 #include <safemode.h>
 #include <boot/kernel_args.h>
 
@@ -245,6 +246,8 @@ apm_control(const char *subsystem, uint32 function,
 			if (status < B_OK)
 				return status;
 
+			if (buffer == NULL || !IS_USER_ADDRESS(buffer))
+				return B_BAD_ADDRESS;
 			return user_memcpy(buffer, &info, sizeof(struct apm_battery_info));
 	}