]> Projects (at) Tadryanom (dot) Me - AdrOS.git/commit
projects / AdrOS.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 6d68750) | patch
fix(security): mq_receive_impl TOCTOU race — copy msg data under lock
authorTulio A M Mendes <[email protected]>
Sun, 5 Apr 2026 15:30:44 +0000 (12:30 -0300)
committerTulio A M Mendes <[email protected]>
Sun, 5 Apr 2026 15:30:44 +0000 (12:30 -0300)
commitfac5d10340df24a0cf17d170d71dddf1a00f509b
tree6c1b495f0b66b8d60a9e873f40354082eaacda5ftree | snapshot
parent6d68750e842b7849ee10a4d1acaea44b61c65403commit | diff
fix(security): mq_receive_impl TOCTOU race — copy msg data under lock

Mirror the mq_send_impl fix: copy message data into a kernel buffer
while holding mq_lock, then copy_to_user after release. Without this,
another thread could overwrite the dequeued slot via mq_send before
the copy_to_user completes.

Found during deep re-scan. All tests pass (102/103, 1 pre-existing timeout).
src/kernel/syscall.c diff | blob | blame | history
AdrOS - A Unix-like Operating System for hobby/academic study.