security: add AIO validation for aio_nbytes (Fase 2)
authorTulio A M Mendes <[email protected]>
Tue, 26 May 2026 05:07:33 +0000 (02:07 -0300)
committerTulio A M Mendes <[email protected]>
Wed, 3 Jun 2026 05:52:27 +0000 (02:52 -0300)
src/kernel/syscall.c

index 28ca61699ccfed08327a14d288812f059e0f5115..9afb2fc08ac2434a2e829df882b92c809e6c245b 100644 (file)
@@ -1619,6 +1619,14 @@ static int syscall_aio_rw_impl(void* user_cb, int is_write) {
         return 0;
     }
 
+    /* Validate aio_nbytes is reasonable (avoid DoS via huge allocations) */
+    if (cb.aio_nbytes > 16 * 1024 * 1024) {  /* Max 16MB per AIO operation */
+        cb.aio_error = EINVAL;
+        cb.aio_return = -EINVAL;
+        (void)copy_to_user(user_cb, &cb, sizeof(cb));
+        return 0;
+    }
+
     if (user_range_ok(cb.aio_buf, cb.aio_nbytes) == 0) {
         cb.aio_error = EFAULT;
         cb.aio_return = -EFAULT;
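Review bot: The new cap compares `cb.aio_nbytes` against the bare expression `16 * 1024 * 1024`, which rejects oversized requests only if the field is unsigned; its declaration is not visible in this hunk, and if it is a signed type a negative length would compare below the limit and continue to `user_range_ok()`. I would confirm the field's type, reject negative values explicitly if it is signed, and give the limit a name, for example `#define AIO_MAX_NBYTES (16u * 1024u * 1024u)` (suggested name) with `if (cb.aio_nbytes > AIO_MAX_NBYTES) {` here. The cap is also per operation, so if a buffer is allocated for each request, as the comment implies, the total across outstanding requests is not bounded by this check. `syscall_aio_rw_impl` starts and ends outside the hunk.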