authorSamuel Thibault <samuel.thibault@ens-lyon.org>2023-10-01 17:35:01 +0200
committerSamuel Thibault <samuel.thibault@ens-lyon.org>2023-10-01 19:33:20 +0200
commitb63dea5ca946c3956637a7bf85a1002866b20cd6 (patch)
tree682eb89c30f95c85a4a2b158fcdfa867c2fa56c8 /x86_64
parent126c0364bf7d72d4f2ecf1ad2f4ebe1d2667940d (diff)
copyinmsg: Check that we have not overflown
This is of course too late in case of a failure, but better assert than get awful bugs, and it's really not supposed to happen.
Diffstat (limited to 'x86_64')
-rw-r--r--x86_64/copy_user.c3
1 files changed, 2 insertions, 1 deletions
diff --git a/x86_64/copy_user.c b/x86_64/copy_user.c
index 178a7545..0d3f301b 100644
--- a/x86_64/copy_user.c
+++ b/x86_64/copy_user.c
@@ -363,7 +363,7 @@ size_t msg_usize(const mach_msg_header_t *kmsg)
* mach_msg_header have the same size in the kernel and user variant (basically
* all fields except ports and addresses)
*/
-int copyinmsg (const void *userbuf, void *kernelbuf, const size_t usize)
+int copyinmsg (const void *userbuf, void *kernelbuf, const size_t usize, const size_t ksize)
{
const mach_msg_user_header_t *umsg = userbuf;
mach_msg_header_t *kmsg = kernelbuf;
@@ -469,6 +469,7 @@ int copyinmsg (const void *userbuf, void *kernelbuf, const size_t usize)
}
kmsg->msgh_size = sizeof(mach_msg_header_t) + ksaddr - (vm_offset_t)(kmsg + 1);
+ assert(kmsg->msgh_size <= ksize);
return 0;
}
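Review bot: The added `assert(kmsg->msgh_size <= ksize);` is the only use of the new `ksize` parameter, and it runs after the message has already been written into kernelbuf, so a too-small buffer is detected only once the overwrite has happened; if the kernel's `assert` is compiled out in builds without assertions enabled (please confirm against kern/assert.h), the parameter becomes dead and no bound is enforced at all. The commit message accepts the lateness, but nothing in the code says so, and callers cannot tell from the signature what `ksize` is expected to be. I would extend the header comment above the first hunk to state the contract, e.g. `/* ksize is the capacity of kernelbuf in bytes; it is only checked against the final msgh_size after the copy, not enforced per element */`. The body of copyinmsg between the two hunks, including the copy loop, is outside this diff, so whether an earlier bound check against `ksize` is feasible there cannot be judged from here.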