From d9e4ef3f76300a41b06f9e419a516bc0ef613812 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?J=C3=A9r=C3=B4me=20Duval?= Date: Mon, 8 Jan 2018 21:36:25 +0100 Subject: [PATCH] dprintf: use user_memcpy/user_strlcpy to read the user buffer. * also check the user buffer address. --- src/add-ons/kernel/drivers/common/dprintf.cpp | 13 +++++++++++-- 1 file changed, 11 insertions(+), 2 deletions(-) diff --git a/src/add-ons/kernel/drivers/common/dprintf.cpp b/src/add-ons/kernel/drivers/common/dprintf.cpp index 612a2b1e8f..1addfa201b 100644 --- a/src/add-ons/kernel/drivers/common/dprintf.cpp +++ b/src/add-ons/kernel/drivers/common/dprintf.cpp @@ -11,6 +11,7 @@ #include +#include #include #include @@ -70,11 +71,19 @@ dprintf_read(void *cookie, off_t pos, void *buffer, size_t *length) static status_t dprintf_write(void *cookie, off_t pos, const void *buffer, size_t *_length) { + if (!IS_USER_ADDRESS(buffer)) + return B_BAD_ADDRESS; const char *str = (const char*)buffer; int bytesLeft = *_length; while (bytesLeft > 0) { - int chunkSize = strnlen(str, bytesLeft); + ssize_t size = user_strlcpy(NULL, str, 0); + // there's no user_strnlen() + if (size < 0) + return 0; + int chunkSize = min_c(bytesLeft, (int)size); + // int chunkSize = strnlen(str, bytesLeft); + if (chunkSize == 0) { // null bytes -- skip str++; @@ -91,7 +100,7 @@ dprintf_write(void *cookie, off_t pos, const void *buffer, size_t *_length) char localBuffer[512]; if (bytesLeft > (int)sizeof(localBuffer) - 1) chunkSize = (int)sizeof(localBuffer) - 1; - memcpy(localBuffer, str, chunkSize); + user_memcpy(localBuffer, str, chunkSize); localBuffer[chunkSize] = '\0'; debug_puts(localBuffer, chunkSize);
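Review bot: In the `@@ -70,11 +71,19 @@` hunk, `if (size < 0) return 0;` reports success when `user_strlcpy()` fails, so a faulting user pointer looks like a completed write to the caller. Returning the error keeps the failure visible: `if (size < 0) return B_BAD_ADDRESS;`. The length probe `user_strlcpy(NULL, str, 0)` is not bounded by `bytesLeft`, so it reads user memory past `*_length` until it meets a NUL or faults, and a fault outside the caller's range aborts an otherwise valid write. `IS_USER_ADDRESS(buffer)` covers only the first byte rather than `buffer + *_length`, and presumably makes the hook refuse in-kernel callers, so confirm nothing in the kernel writes to this device. The commented-out `strnlen` line can be dropped, and the loop body continues outside the hunk.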
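Review bot: In the `@@ -91,7 +100,7 @@` hunk the result of `user_memcpy(localBuffer, str, chunkSize)` is discarded. If the copy faults, the uninitialised stack array `localBuffer` is still terminated and passed to `debug_puts()`, which would put stale kernel stack bytes into the debug output. Check it before use: `if (user_memcpy(localBuffer, str, chunkSize) != B_OK) return B_BAD_ADDRESS;`. User memory can change between the length probe earlier in the loop and this copy, but the copy is capped at `sizeof(localBuffer) - 1` and explicitly terminated, so that double fetch looks harmless here. The enclosing loop starts and ends outside the hunk.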