mirror of
https://github.com/HyperDbg/HyperDbg.git
synced 2026-07-09 17:19:26 +00:00
Merge pull request #585 from orbisai0security/fix-v-004-memcpy-zero-size-validation
fix: scriptenginefunctionmemcpy exposes a kernel-mod... in...
This commit is contained in:
commit
13ccf7c9b0
1 changed files with 11 additions and 0 deletions
|
|
@ -325,6 +325,17 @@ ScriptEngineFunctionMemcpy(UINT64 Destination, UINT64 Source, UINT32 Num, BOOL *
|
|||
UINT64 PrevReadLen = 0;
|
||||
BYTE MovingBuffer[DebuggerScriptEngineMemcpyMovingBufferSize] = {0};
|
||||
|
||||
//
|
||||
// Reject zero-length copies: a Num of 0 would pass address-range
|
||||
// validation vacuously (checking 0 bytes at any mapped page succeeds),
|
||||
// which could be abused as a kernel address-mapping oracle.
|
||||
//
|
||||
if (Num == 0)
|
||||
{
|
||||
*HasError = TRUE;
|
||||
return;
|
||||
}
|
||||
|
||||
#ifdef SCRIPT_ENGINE_USER_MODE
|
||||
|
||||
//
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue