From ed1ca4b8c1db9b6578eab3ff8807bb1a174aaccc Mon Sep 17 00:00:00 2001
From: Flavio Cruz
Date: Sun, 25 Feb 2024 01:46:38 -0500
Subject: Check for null ports in task_set_essential, task_set_name and thread_set_name.

Otherwise, it is easy to crash the kernel if userland passes arbitrary port names.
Message-ID:
---
 kern/task.c | 6 ++++++
 kern/thread.c | 3 +++
 2 files changed, 9 insertions(+)
diff --git a/kern/task.c b/kern/task.c
index 60ab4d73..dfba04d4 100644
--- a/kern/task.c
+++ b/kern/task.c
@@ -1165,6 +1165,9 @@ task_set_name(
 task_t task,
 const_kernel_debug_name_t name)
 {
+ if (task == TASK_NULL)
+ return KERN_INVALID_ARGUMENT;
+
 strncpy(task->name, name, sizeof task->name - 1);
 task->name[sizeof task->name - 1] = '\0';
 return KERN_SUCCESS;
@@ -1181,6 +1184,9 @@ task_set_essential(
 task_t task,
 boolean_t essential)
 {
+ if (task == TASK_NULL)
+ return KERN_INVALID_ARGUMENT;
+
 task->essential = !!essential;
 return KERN_SUCCESS;
 }
diff --git a/kern/thread.c b/kern/thread.c
index 2eab1ca4..eb73590c 100644
--- a/kern/thread.c
+++ b/kern/thread.c
@@ -2640,6 +2640,9 @@ thread_set_name(
 thread_t thread,
 const_kernel_debug_name_t name)
 {
+ if (thread == THREAD_NULL)
+ return KERN_INVALID_ARGUMENT;
+
 strncpy(thread->name, name, sizeof thread->name - 1);
 thread->name[sizeof thread->name - 1] = '\0';
 return KERN_SUCCESS;
-- cgit v1.2.3
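Review bot: The new guard in task_set_name carries no comment saying where a null `task` comes from, and the same bare check is repeated in task_set_essential and thread_set_name. Going by the commit message, the value arrives when userland supplies a port name that does not translate to a task or thread, so these three routines sit on the user/kernel boundary; a one-line comment such as `/* RPC entry: an invalid port name arrives here as TASK_NULL */` would make that explicit for whoever adds the next routine. The guard covers only `task`: `name` still goes to `strncpy` unchecked, which is safe only if the RPC stub always hands in a non-null, terminated in-line string (presumably it does, but that is not visible in this hunk). The function starts and ends outside the hunk.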
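Review bot: After the added null check, task_set_essential still writes `task->essential` for any caller that presents a valid task port; the body shown here has no further authority check. What the flag does is not visible on this page, but if it changes how the kernel reacts when the task dies, it is worth confirming that holding the task port is the intended privilege for setting it. Either way the decision should be recorded next to the assignment, for example `/* any holder of the task port may change this */`, or replaced by a check against a privileged port if that is the intent. The return type line of the function is outside the hunk.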