From 51facdb6a36646d5e840b8fbd4e8652ecd480cad Mon Sep 17 00:00:00 2001 From: Reece Wilson Date: Thu, 11 Aug 2022 12:28:20 +0100 Subject: [PATCH] [+] IProcessSectionView::MapIPCMemory now takes a 'length' parameter --- Include/Aurora/Process/IProcessSectionView.hpp | 1 + Source/Process/ProcessSectionView.NT.cpp | 11 +++++++++-- Source/Process/ProcessSectionView.NT.hpp | 1 + Source/Process/ProcessSectionView.Unix.cpp | 13 ++++++++++++- Source/Process/ProcessSectionView.Unix.hpp | 1 + 5 files changed, 24 insertions(+), 3 deletions(-) diff --git a/Include/Aurora/Process/IProcessSectionView.hpp b/Include/Aurora/Process/IProcessSectionView.hpp index 37ed0a72..5d55f035 100644 --- a/Include/Aurora/Process/IProcessSectionView.hpp +++ b/Include/Aurora/Process/IProcessSectionView.hpp @@ -29,6 +29,7 @@ namespace Aurora::Process virtual AuSPtr MapIPCMemory(const AuString &handle, AuUInt64 offset, + AuUInt64 length, Aurora::IO::FS::EFileOpenMode mode) = 0; }; diff --git a/Source/Process/ProcessSectionView.NT.cpp b/Source/Process/ProcessSectionView.NT.cpp index 5c0538f5..b7c1e319 100644 --- a/Source/Process/ProcessSectionView.NT.cpp +++ b/Source/Process/ProcessSectionView.NT.cpp @@ -176,6 +176,7 @@ namespace Aurora::Process AuSPtr ProcessSectionView::MapIPCMemory(const AuString &handleString, AuUInt64 offset, + AuUInt64 length, AuFS::EFileOpenMode mode) { AuIPC::IPCHandle handle; @@ -195,8 +196,14 @@ namespace Aurora::Process return {}; } - auto length = token->token.word; - auto path = token->token.ToNTPath(); + auto actualLength = token->token.word; + auto path = token->token.ToNTPath(); + + if (actualLength < offset + length) + { + SysPushErrorIO("Out of range"); + return {}; + } switch (mode) { diff --git a/Source/Process/ProcessSectionView.NT.hpp b/Source/Process/ProcessSectionView.NT.hpp index f81eec40..2c448737 100644 --- a/Source/Process/ProcessSectionView.NT.hpp +++ b/Source/Process/ProcessSectionView.NT.hpp 
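Review bot: The new `length` parameter on the pure-virtual `MapIPCMemory` in IProcessSectionView.hpp carries no documentation, so a caller cannot tell from the interface what unit it is in or what happens when it does not fit. Both implementations in this patch reject the call with an "Out of range" IO error and an empty pointer when `offset + length` exceeds the section's recorded size, so that much can be stated on the declaration: `/// @param length Bytes to map starting at offset; the call fails (empty pointer, IO error pushed) if offset + length exceeds the section size.` Whether a `length` of 0 has a special meaning (e.g. "map the remainder") is not visible in this patch, so either document it once decided or say explicitly that 0 maps nothing.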
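Review bot: The bounds check added in ProcessSectionView.NT.cpp, `if (actualLength < offset + length)`, can be bypassed by unsigned wraparound: both operands are `AuUInt64`, so e.g. `offset = 1, length = ~0ull` sums to 0 and passes, after which whatever mapping code follows (outside this hunk) receives an offset/length pair that does not fit the section. Since the handle string and these parameters arrive from the peer of an IPC exchange, the check should be written so it cannot overflow: `if (offset > actualLength || length > actualLength - offset)`. The enclosing `MapIPCMemory` body continues outside the hunk, so I cannot see whether `length` is actually passed through to the section-mapping call afterwards; if it is not, the new check does nothing for the mapping itself and that should be confirmed.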
@@ -27,6 +27,7 @@ namespace Aurora::Process AuSPtr MapIPCMemory(const AuString &handle, AuUInt64 offset, + AuUInt64 length, AuFS::EFileOpenMode mode) override; }; diff --git a/Source/Process/ProcessSectionView.Unix.cpp b/Source/Process/ProcessSectionView.Unix.cpp index e5284e65..ee8991da 100755 --- a/Source/Process/ProcessSectionView.Unix.cpp +++ b/Source/Process/ProcessSectionView.Unix.cpp @@ -115,6 +115,7 @@ namespace Aurora::Process AuSPtr ProcessSectionView::MapIPCMemory(const AuString &handleString, AuUInt64 offset, + AuUInt64 length, AuFS::EFileOpenMode mode) { AuIPC::IPCHandle handle; @@ -132,7 +133,15 @@ namespace Aurora::Process return {}; } - auto path = AuIPC::GetServerPath(val->token); + auto actualLength = val->token.word; + auto path = AuIPC::GetServerPath(val->token); + + if (actualLength < offset + length) + { + SysPushErrorIO("Out of range"); + return {}; + } + int fd = ::shm_open(path.c_str(), O_RDWR, S_IRUSR | S_IWUSR); if (fd == -1) { @@ -140,6 +149,8 @@ namespace Aurora::Process return {}; } + // TODO (Reece): lock garbage ( ??? ) + int prot {}; switch (mode) { diff --git a/Source/Process/ProcessSectionView.Unix.hpp b/Source/Process/ProcessSectionView.Unix.hpp index 9eb5d3fc..c67f8d32 100755 --- a/Source/Process/ProcessSectionView.Unix.hpp +++ b/Source/Process/ProcessSectionView.Unix.hpp @@ -27,6 +27,7 @@ namespace Aurora::Process AuSPtr MapIPCMemory(const AuString &handle, AuUInt64 offset, + AuUInt64 length, AuFS::EFileOpenMode mode) override; };
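Review bot: The Unix check `if (actualLength < offset + length)` in ProcessSectionView.Unix.cpp has the same unsigned-wraparound hole as the NT one: with both values `AuUInt64`, a large `length` wraps the sum below `actualLength` and the guard passes; write it as `if (offset > actualLength || length > actualLength - offset)` instead. Separately, `actualLength` is taken from `val->token.word`, which appears to be parsed from the caller-supplied `handleString` rather than from the object itself; if that is so, the bound being enforced is the caller's own claim, and the authoritative size is what `fstat()` on the `fd` returned by `shm_open` reports — I would validate against that (and it is available right where the `// TODO (Reece): lock garbage` comment sits). The `MapIPCMemory` body and the later use of `fd`, `prot` and `length` are outside this hunk, so whether the fd is closed on the failure paths after `shm_open` is not visible here.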