From 64c415819ba69da06a4e637e12880feda3653efb Mon Sep 17 00:00:00 2001
From: Ian Moffett <ian@osmora.org>
Date: Tue, 7 Oct 2025 12:42:46 -0400
Subject: kern: os: Verify access semantics in fd_write()

Signed-off-by: Ian Moffett <ian@osmora.org>
---
 src/sys/os/os_filedes.c | 19 ++++++++++++++++++-
 1 file changed, 18 insertions(+), 1 deletion(-)

(limited to 'src/sys/os/os_filedes.c')

diff --git a/src/sys/os/os_filedes.c b/src/sys/os/os_filedes.c
index 817bd47..6fa3e5a 100644
--- a/src/sys/os/os_filedes.c
+++ b/src/sys/os/os_filedes.c
@@ -30,6 +30,7 @@
 #include <sys/syscall.h>
 #include <sys/syslog.h>
 #include <sys/errno.h>
+#include <sys/fcntl.h>
 #include <sys/limits.h>
 #include <sys/proc.h>
 #include <sys/namei.h>
@@ -225,17 +226,33 @@ fdtab_init(struct proc *procp)
 ssize_t
 write(int fd, const void *buf, size_t count)
 {
+    struct proc *self = proc_self();
+    struct filedesc *fdp;
     int error;
     char kbuf[1024];
 
+    if (self == NULL) {
+        return -ESRCH;
+    }
+
     /* Must be valid */
     error = proc_check_addr(proc_self(), (uintptr_t)buf, count);
     if (error < 0) {
         return error;
     }
 
-    memcpy(kbuf, buf, count);
+    /* Get the file descriptor structure */
+    fdp = fd_get(self, fd);
+    if (fdp == NULL) {
+        return -EBADF;
+    }
 
+    /* We need to be able to write it */
+    if ((fdp->mode & (O_WRONLY| O_RDWR)) == 0) {
+        return -EPERM;
+    }
+
+    memcpy(kbuf, buf, count);
     switch (fd) {
     case STDOUT_FILENO:
         cons_putstr(
-- 
cgit v1.2.3