From: Tulio A M Mendes <tadryanom@hotmail.com>
Date: Tue, 26 May 2026 05:07:33 +0000 (-0300)
Subject: security: add AIO validation for aio_nbytes (Fase 2)
X-Git-Url: https://projects.tadryanom.me/?a=commitdiff_plain;h=28042f1c5f7ae8b42d9c8c340acfb372771d8c4f;p=AdrOS.git

security: add AIO validation for aio_nbytes (Fase 2)
---

diff --git a/src/kernel/syscall.c b/src/kernel/syscall.c
index 28ca6169..9afb2fc0 100644
--- a/src/kernel/syscall.c
+++ b/src/kernel/syscall.c
@@ -1619,6 +1619,14 @@ static int syscall_aio_rw_impl(void* user_cb, int is_write) {
         return 0;
     }
 
+    /* Validate aio_nbytes is reasonable (avoid DoS via huge allocations) */
+    if (cb.aio_nbytes > 16 * 1024 * 1024) {  /* Max 16MB per AIO operation */
+        cb.aio_error = EINVAL;
+        cb.aio_return = -EINVAL;
+        (void)copy_to_user(user_cb, &cb, sizeof(cb));
+        return 0;
+    }
+
     if (user_range_ok(cb.aio_buf, cb.aio_nbytes) == 0) {
         cb.aio_error = EFAULT;
         cb.aio_return = -EFAULT;