From 358e70b616aa02f85c834b57b718be08186af5e6 Mon Sep 17 00:00:00 2001
From: "K. Lange"
Date: Wed, 29 Aug 2018 08:24:14 +0900
Subject: [PATCH] Add naive bounds checking for elf loading

---
 kernel/misc/elf.c | 3 +++
 kernel/sys/syscall.c | 3 +++
 2 files changed, 6 insertions(+)

diff --git a/kernel/misc/elf.c b/kernel/misc/elf.c
index f3c60906..488dd324 100644
--- a/kernel/misc/elf.c
+++ b/kernel/misc/elf.c
@@ -88,6 +88,9 @@ int exec_elf(char * path, fs_node_t * file, int argc, char ** argv, char ** env,
 Elf32_Phdr phdr;
 read_fs(file, header.e_phoff + x, sizeof(Elf32_Phdr), (uint8_t *)&phdr);
 if (phdr.p_type == PT_LOAD) {
+ /* TODO: These virtual address bounds should be in a header somewhere */
+ if (phdr.p_vaddr < 0x20000000) return -EINVAL;
+ /* TODO Upper bounds */
 for (uintptr_t i = phdr.p_vaddr; i < phdr.p_vaddr + phdr.p_memsz; i += 0x1000) {
 /* This doesn't care if we already allocated this page */
 alloc_frame(get_page(i, 1, current_directory), 0, 1);
diff --git a/kernel/sys/syscall.c b/kernel/sys/syscall.c
index 2a6a735b..d508ee12 100644
--- a/kernel/sys/syscall.c
+++ b/kernel/sys/syscall.c
@@ -638,6 +638,9 @@ static int sys_sysfunc(int fn, char ** args) {
 {
 /* Load pages to fit region. */
 uintptr_t address = (uintptr_t)args[0];
+ /* TODO: These virtual address bounds should be in a header somewhere */
+ if (address < 0x20000000) return -EINVAL;
+ /* TODO: Upper bounds */
 size_t size = (size_t)args[1];
 /* TODO: Other arguments for read/write? */
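Review bot: The new check in exec_elf bounds only the start of the segment, so an untrusted program header can still pass `p_vaddr >= 0x20000000` with a `p_memsz` large enough that the loop end `phdr.p_vaddr + phdr.p_memsz` reaches addresses above the user range, or wraps around on a 32-bit `uintptr_t` so that the loop never runs while the later copy into `p_vaddr` (outside this hunk) presumably still happens; the acknowledged "Upper bounds" TODO needs to constrain the size as well as the address, e.g. `if (phdr.p_vaddr < 0x20000000 || phdr.p_vaddr >= USER_VADDR_LIMIT /* placeholder */ || phdr.p_memsz > USER_VADDR_LIMIT - phdr.p_vaddr) return -EINVAL;`. The same lower-bound-only shape, with `size` likewise unchecked, appears in the sys_sysfunc hunk in kernel/sys/syscall.c. Note also that `return -EINVAL` exits mid-loop after earlier PT_LOAD segments may already have had frames allocated via alloc_frame into current_directory; whether a caller releases those is not visible here and is worth confirming. exec_elf's body begins and continues outside the hunk.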