Kernel: apply security patch for 70 function(by Rgimad). Thanks Dunkaist for the corrections.

git-svn-id: svn://kolibrios.org@9698 a494cfbc-eb01-0410-851d-a64ba20cac60
2022-02-07 21:07:07 +00:00 · 2022-02-07 21:07:07 +00:00 · dac27e480b
parent 5b5a240f91
commit dac27e480b
2 changed files with 77 additions and 86 deletions
--- a/kernel/trunk/core/syscall.inc
+++ b/kernel/trunk/core/syscall.inc
@ -168,7 +168,7 @@ iglobal
      dd syscall_move_window     ; 67-Window move or resize
      dd f68                     ; 68-Some internal services
      dd sys_debug_services      ; 69-Debug
-      dd file_system_lfn         ; 70-Common file system interface, version 2
+      dd sys_file_system_lfn     ; 70-Common file system interface, version 2
      dd syscall_window_settings ; 71-Window settings
      dd sys_sendwindowmsg       ; 72-Send window message
      dd blit_32                 ; 73-blitter;
@ -178,7 +178,7 @@ iglobal
      dd sys_posix               ; posix support
      dd undefined_syscall       ; 78-free
      dd undefined_syscall       ; 79-free
-      dd fileSystemUnicode       ; 80-File system interface for different encodings
+      dd sys_fileSystemUnicode   ; 80-File system interface for different encodings
        times 255 - ( ($-servetable2) /4 )  dd undefined_syscall
      dd sys_end                 ; -1-end application
--- a/kernel/trunk/fs/fs_lfn.inc
+++ b/kernel/trunk/fs/fs_lfn.inc
@ -25,102 +25,93 @@ maxPathLength = 1000h
 image_of_eax EQU esp+32
 image_of_ebx EQU esp+20
-; ; System function 70 security check
+; System function 70 security check
-; align 4
+align 4
-; proc file_system_is_operation_safe stdcall, inf_struct_ptr: dword
+proc file_system_is_operation_safe stdcall, inf_struct_ptr: dword
-; ; in:
+; in:
-; ;      inf_struct_ptr = pointer to information structure was given to sysfn70
+;      inf_struct_ptr = pointer to information structure was given to sysfn70
-; ; out: ZF = 1 if operation is safe
+; out: ZF = 1 if operation is safe
-; ;      ZF = 0 if operation can cause kernel crash
+;      ZF = 0 if operation can cause kernel crash
-;         push    ebx ecx edx
+        push    ebx ecx edx
-;         xor     ecx, ecx ; ecx - length of target buffer
+        xor     ecx, ecx ; ecx - length of target buffer
-;         mov     ebx, [inf_struct_ptr]
+        mov     ebx, [inf_struct_ptr]
-;         mov     edx, [ebx + 16] ; base of target buffer
+        mov     edx, [ebx + 16] ; base of target buffer
-;         cmp     dword [ebx], 0 ; if 70.0
+        cmp     dword [ebx], 0 ; if 70.0
-;         jnz     .case1
+        jnz     .case1
-;         mov     ecx, dword [ebx + 12]
+        mov     ecx, dword [ebx + 12]
-;         jmp     .end_switch
+        jmp     .end_switch
-; .case1:
+.case1:
-;         cmp     dword [ebx], 1 ; if 70.1
+        cmp     dword [ebx], 1 ; if 70.1
-;         jnz     .case2_3
+        jnz     .case2_3
-;         ;mov     ecx, 32
+        ;mov     ecx, 32
-;         cmp     dword [ebx + 8], 1 ; check encoding
+        cmp     dword [ebx + 8], 1 ; check encoding
-;         jbe     .case1_304 ; if encdoing <= 1 i.e cpp866 
+        jbe     .case1_304 ; if encdoing <= 1 i.e cpp866 
-;         mov     ecx, 560 ; if unicode then bdvk block len is 560 bytes
+        mov     ecx, 560 ; if unicode then bdvk block len is 560 bytes
-;         jmp     .case1_end
+        jmp     .case1_end
-; .case1_304:
+.case1_304:
-;         mov     ecx, 304 ; if cp866 then bdvk block len is 304 bytes
+        mov     ecx, 304 ; if cp866 then bdvk block len is 304 bytes
-; .case1_end:
+.case1_end:
-;         imul    ecx, dword [ebx + 12] ; multiply bdvk length by their count
+        imul    ecx, dword [ebx + 12] ; multiply bdvk length by their count
-;         add     ecx, 32 ; add result header len
+        add     ecx, 32 ; add result header len
-;         jmp     .end_switch
+        jmp     .end_switch
-; .case2_3:
+.case2_3:
-;         cmp     dword [ebx], 3
+        cmp     dword [ebx], 3
-;         ja      .case5 ; if subfn > 3
+        ja      .case5 ; if subfn > 3
-;         mov     ecx, dword [ebx + 12]
+        mov     ecx, dword [ebx + 12]
-;         jmp     .end_switch
+        jmp     .end_switch
-; .case5:
+.case5:
-;         cmp     dword [ebx], 5
+        cmp     dword [ebx], 5
-;         jnz     .case6
+        jnz     .case6
-;         mov     ecx, 40
+        mov     ecx, 40
-;         jmp     .end_switch
+        jmp     .end_switch
-; .case6:
+.case6:
-;         cmp     dword [ebx], 6
+        cmp     dword [ebx], 6
-;         jnz     .switch_none
+        jnz     .switch_none
-;         mov     ecx, 32
+        mov     ecx, 32
-;         jmp     .end_switch
+        jmp     .end_switch
-; .switch_none:
+.switch_none:
-;         mov     ecx, 1
+        cmp     ecx, ecx
-;         test    ecx, ecx
+        jmp     .ret
-;         jmp     .ret
+      
-        
+.end_switch:
-; .end_switch:
+        stdcall is_region_userspace, edx, ecx
-;         ;;
+.ret:
-;         stdcall is_region_userspace, edx, ecx
+        pop     edx ecx ebx
-; .ret:
+        ret
-;         pop     edx ecx ebx
+endp
 ;         ret
 ; endp
-; syscall_fileSystemUnicode: ; with user pointer correctness checking
+sys_fileSystemUnicode: ; with user pointer correctness checking
-; ; in: ebx -> f.80 parameter structure
+; in: ebx -> f.80 parameter structure
-;         stdcall file_system_is_operation_safe, ebx
+        stdcall file_system_is_operation_safe, ebx
-;         jz      @f
+        jz      @f
-;         DEBUGF  1, "sysfn80 addr error\n"
+        DEBUGF  1, "sysfn80 addr error\n"
-;         mov     dword [image_of_eax], ERROR_MEMORY_POINTER
+        mov     dword [image_of_eax], ERROR_MEMORY_POINTER
-;         ret
+        ret
-; @@:
+@@:
-;         jmp     fileSystemUnicode
+        jmp     fileSystemUnicode
-; temporarily commented out cause acpi driver (drivers/devman) uses sysfn70 via 0x40
+;System function 70
-; so because drivers it kernel space, pointer checking fails
+sys_file_system_lfn: ; with user pointer correctness checking
-; TODO solution: add filesystem functions without pointer checking to kernel exports
+; in: ebx -> f.70 parameter structure
-; and make the driver use them, not int 0x40
+        stdcall file_system_is_operation_safe, ebx
-; syscall_fileSystemUnicode commented out for the same reason
+        jz      @f
 ; syscall_file_system_lfn: ; with user pointer correctness checking
 ; ; in: ebx -> f.70 parameter structure
 ;         stdcall file_system_is_operation_safe, ebx
 ;         jz      @f
-;         DEBUGF  1, "sysfn70 addr error\n"
+        DEBUGF  1, "sysfn70 addr error\n"
-;         mov     dword [image_of_eax], ERROR_MEMORY_POINTER
+        mov     dword [image_of_eax], ERROR_MEMORY_POINTER
-;         ret
+        ret
-; @@:
+@@:
-;         jmp     file_system_lfn
+        jmp     file_system_lfn
-
+;file_system_lfn_protected returns values not in registers, but in their images
-; System function 70
+;on stack. Make a short wrapper to actually return values in registers.
 ; file_system_lfn_protected returns values not in registers, but in their images
 ; on stack. Make a short wrapper to actually return values in registers.
 file_system_lfn_protected_registers:
        pushad
        call    file_system_lfn_protected