mika/libnx
1
0
Fork 0
mirror of https://github.com/switchbrew/libnx.git synced 2025-06-21 20:42:44 +02:00
Code Issues Packages Projects Releases Wiki Activity

Better argdata validation.

Browse Source
This commit is contained in:
yellows8 2018-02-03 21:06:23 -05:00
parent 7a9e43b684
commit 2103e40448
1 changed files with 8 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
nx/source/runtime/argv.c
View File

@ -20,8 +20,8 @@ void argvSetup(void)
u8 *argdata = (u8*)&__argdata__; u8 *argdata = (u8*)&__argdata__;
u32 *arg32 = (u32*)argdata; u32 *arg32 = (u32*)argdata;
u32 argdata_allocsize; u64 argdata_allocsize;
u32 argdata_strsize; u64 argdata_strsize;
u32 argvptr_pos; u32 argvptr_pos;
u32 max_argv; u32 max_argv;
u32 argi; u32 argi;
@ -35,6 +35,7 @@ void argvSetup(void)
__system_argc = 0; __system_argc = 0;
__system_argv = NULL; __system_argv = NULL;
memset(&meminfo, 0, sizeof(meminfo));
rc = svcQueryMemory(&meminfo, &pageinfo, (u64)argdata); rc = svcQueryMemory(&meminfo, &pageinfo, (u64)argdata);
// TODO: Use envHasArgv() here. // TODO: Use envHasArgv() here.
@ -43,12 +44,15 @@ void argvSetup(void)
if (R_FAILED(rc) || meminfo.perm != 0x3) if (R_FAILED(rc) || meminfo.perm != 0x3)
return; return;
argdata_allocsize = arg32[0]; argdata_allocsize = (u64)arg32[0];
argdata_strsize = arg32[1]; argdata_strsize = (u64)arg32[1];
args = (char*)&argdata[0x20]; args = (char*)&argdata[0x20];
if (argdata_allocsize==0 || argdata_strsize==0) return; if (argdata_allocsize==0 || argdata_strsize==0) return;
if ((u64)argdata < meminfo.addr) return;
if (((u64)argdata - meminfo.addr) + argdata_allocsize > meminfo.size) return;
argvptr_pos = 0x20 + argdata_strsize+1; argvptr_pos = 0x20 + argdata_strsize+1;
if (argvptr_pos >= argdata_allocsize) return; if (argvptr_pos >= argdata_allocsize) return;
argstorage = (char*)&argdata[argvptr_pos]; argstorage = (char*)&argdata[argvptr_pos];