From 28042f1c5f7ae8b42d9c8c340acfb372771d8c4f Mon Sep 17 00:00:00 2001
From: Tulio A M Mendes
Date: Tue, 26 May 2026 02:07:33 -0300
Subject: [PATCH] security: add AIO validation for aio_nbytes (Fase 2)
---
 src/kernel/syscall.c | 8 ++++++++
 1 file changed, 8 insertions(+)
diff --git a/src/kernel/syscall.c b/src/kernel/syscall.c
index 28ca6169..9afb2fc0 100644
--- a/src/kernel/syscall.c
+++ b/src/kernel/syscall.c
@@ -1619,6 +1619,14 @@ static int syscall_aio_rw_impl(void* user_cb, int is_write) {
 return 0;
 }
 
+ /* Validate aio_nbytes is reasonable (avoid DoS via huge allocations) */
+ if (cb.aio_nbytes > 16 * 1024 * 1024) { /* Max 16MB per AIO operation */
+ cb.aio_error = EINVAL;
+ cb.aio_return = -EINVAL;
+ (void)copy_to_user(user_cb, &cb, sizeof(cb));
+ return 0;
+ }
+
 if (user_range_ok(cb.aio_buf, cb.aio_nbytes) == 0) {
 cb.aio_error = EFAULT;
 cb.aio_return = -EFAULT;
-- 
2.43.0
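Review bot: The new cap in syscall_aio_rw_impl bounds `cb.aio_nbytes` only from above, and the field's type is declared outside this hunk; if it is signed, a negative length from user space passes `cb.aio_nbytes > 16 * 1024 * 1024` and still reaches user_range_ok() and whatever allocation follows. Comparing as unsigned closes that gap, for example `if ((size_t)cb.aio_nbytes > AIO_MAX_NBYTES) {`, with the limit pulled into a named constant such as `#define AIO_MAX_NBYTES (16u * 1024u * 1024u)` so the policy is stated once rather than as an inline literal. The comment promises protection against huge allocations, but 16 MB per request may still be large relative to the kernel heap, and nothing visible here limits how many requests one process can have in flight, so the cap is worth checking against the allocation path further down. The function body starts and ends outside the hunk, so the allocation itself and the tail of the EFAULT branch cannot be checked from here.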