SaferOSFile 0.01 (06 Sep 2019)  nemo 2019

SaferOSFile is a module that extends the file-loading calls OS_File 12, 14, 16 &
255, adding a flag that causes them to check that the file's length is still
what the caller expects before loading it, so that a file which has changed
size cannot overrun the caller's buffer.

Problem

When working in a networked or preempted environment it is possible for a
file to change length between the OS_File,5 call used to find its length and
the subsequent OS_File,255 call that loads it into a buffer allocated to that
length. OS_File,255 has no buffer-size parameter and loads the whole file, so
if the file has grown in the meantime the load writes past the end of the
buffer. This time-of-check/time-of-use race causes data corruption and
crashes, and where the file's contents are under someone else's control (a
shared or network filing system, for instance) even remote code execution.

Solution

This module adds a flag in bit 30 of R3 for calls to OS_File 12, 14, 16 and
255 (though only when bits 0-7 of R3 are zero, i.e. when the load address has
been supplied in R2). When R3b30 is set, R5 holds the expected size of the
file in bytes. If the file is not exactly this length it is not loaded at
all, and a Buffer Overflow error occurs (even if the file turned out to be
smaller than expected: the caller's idea of its size was still wrong).

This allows programmers to continue to use the familiar OS_File,5 / OS_File,255
pattern for loading data, whilst ensuring that an unexpected change of size
causes a predictable and controlled error report rather than memory
corruption. Note that it is safe to use this API even if the module is not
present, as OS_File,255 etc. ignore R3b30 and R5 on entry, so existing
behaviour is preserved (with the caveat that the length check is then not
performed at all, so the race described above is not closed).
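The pattern described above, written out in BBC BASIC as an added example (this
is not code from the module or its author). The file name is a constructed
path, and checklen% is just a local name for the R3 bit 30 value; the same
register assignments apply from C via _swix or from assembler.

```bbcbasic
REM SaferOSFile usage: the OS_File,5 / OS_File,255 pattern with the length check.
REM Added example, not part of the module. name$ is a constructed path.
name$ = "$.Example.Data"
checklen% = &40000000   : REM bit 30 of R3 (1<<30): "R5 holds the expected length"

REM Any error raised by a SWI below, including SaferOSFile's Buffer Overflow,
REM is reported here and the program stops instead of corrupting memory.
ON ERROR PRINT "Load refused: ";REPORT$ : END

REM Time-of-check: OS_File,5 returns the object type in R0 and the length in R4.
SYS "OS_File",5,name$ TO type%,,,,len%
IF type%<>1 THEN ERROR 1,name$+" is not a file"

REM DIM reserves len%+1 bytes, so len%-1 gives a buffer of exactly len% bytes.
DIM buf% len%-1

REM Time-of-use: load at R2 (bits 0-7 of R3 are zero) with R3b30 set and R5=len%.
REM If the file has changed size since the OS_File,5 call, SaferOSFile refuses
REM the load and raises Buffer Overflow. Without the module, R3b30 and R5 are
REM ignored and the call behaves exactly as it always has.
SYS "OS_File",255,name$,buf%,checklen%,,len%

PRINT "Loaded ";len%;" bytes of ";name$;" at &";~buf%
```

Using the non-X form of the SWI means the module's error surfaces as an
ordinary BASIC error, which is the "predictable and controlled error report"
the module is designed to give; the X form (XOS_File) with a check of the V
flag in the returned flags word is the equivalent for code that wants to
handle the error itself.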

This module is currently at Beta test. Proceed with caution.

nemo, Sep 2019