Make sure the IOCTL buffers are optional.
authorcoderain <coderain@sdf.org>
Sat, 8 Sep 2018 18:06:05 +0000 (20:06 +0200)
committercoderain <coderain@sdf.org>
Sat, 8 Sep 2018 18:06:05 +0000 (20:06 +0200)
kernel/src/device.c

index eac82c8e28426016c95efcd478fc5b7acd29bd8d..360eef689903726e3eb4894ac1f66e10237f55a6 100644 (file)
@@ -426,25 +426,37 @@ sysret_t syscall_device_ioctl(handle_t device, dword_t control_code, const void
 
     if (get_previous_mode() == USER_MODE)
     {
-        if (!check_usermode(in_buffer, in_length)) return ERR_BADPTR;
-        if (!check_usermode(out_buffer, out_length)) return ERR_BADPTR;
+        if (in_buffer && !check_usermode(in_buffer, in_length)) return ERR_BADPTR;
+        if (out_buffer && !check_usermode(out_buffer, out_length)) return ERR_BADPTR;
 
-        safe_in_buffer = (byte_t*)malloc(in_length);
-        safe_out_buffer = (byte_t*)malloc(out_length);
-        if ((safe_in_buffer == NULL) || (safe_out_buffer == NULL))
+        if (in_buffer)
         {
-            ret = ERR_NOMEMORY;
-            goto cleanup;
+            if ((safe_in_buffer = (byte_t*)malloc(in_length)) == NULL)
+            {
+                ret = ERR_NOMEMORY;
+                goto cleanup;
+            }
+
+            EH_TRY
+            {
+                memcpy(safe_in_buffer, in_buffer, in_length);
+            }
+            EH_CATCH
+            {
+                ret = ERR_BADPTR;
+                EH_ESCAPE(goto cleanup);
+            }
+            EH_DONE;
         }
 
-        EH_TRY
+        if (out_buffer)
         {
-            memcpy(safe_in_buffer, in_buffer, in_length);
+            if ((safe_out_buffer = (byte_t*)malloc(out_length)) == NULL)
+            {
+                ret = ERR_NOMEMORY;
+                goto cleanup;
+            }
         }
-        EH_CATCH ret = ERR_BADPTR;
-        EH_DONE;
-
-        if (ret != ERR_SUCCESS) goto cleanup;
     }
     else
     {