/[linux-patches]/genpatches-2.6/trunk/2.6.14/1179_6_sysctl-string-termination.patch
Gentoo

Contents of /genpatches-2.6/trunk/2.6.14/1179_6_sysctl-string-termination.patch

Parent Directory Parent Directory | Revision Log Revision Log


Revision 292 - (show annotations) (download) (as text)
Tue Jan 31 21:50:53 2006 UTC (14 years, 9 months ago) by johnm
File MIME type: text/x-diff
File size: 2307 byte(s)
Large update - thanks goes to Kerin Millar for the legwork.
1 From: Linus Torvalds <torvalds@osdl.org>
2 Date: Sat, 31 Dec 2005 05:59:41 +0000 (-0800)
3 Subject: [PATCH] sysctl: make sure to terminate strings with a NUL
4 X-Git-Url: http://www.kernel.org/git/?p=linux/kernel/git/chrisw/linux-2.6.14.y.git;a=commitdiff;h=002cf2a8adbb7b9d9911f410e2db78c7a3798d14
5
6 [PATCH] sysctl: make sure to terminate strings with a NUL
7
8 This is a slightly more complete fix for the previous minimal sysctl
9 string fix. It always terminates the returned string with a NUL, even
10 if the full result wouldn't fit in the user-supplied buffer.
11
12 The returned length is the full untruncated length, so that you can
13 tell when truncation has occurred.
14
15 Signed-off-by: Linus Torvalds <torvalds@osdl.org>
16 [chrisw: inclusive of minimal fix so it's same as upstream]
17 Signed-off-by: Chris Wright <chrisw@sous-sol.org>
18 ---
19
20 --- a/kernel/sysctl.c
21 +++ b/kernel/sysctl.c
22 @@ -2191,29 +2191,32 @@ int sysctl_string(ctl_table *table, int
23 void __user *oldval, size_t __user *oldlenp,
24 void __user *newval, size_t newlen, void **context)
25 {
26 - size_t l, len;
27 -
28 if (!table->data || !table->maxlen)
29 return -ENOTDIR;
30
31 if (oldval && oldlenp) {
32 - if (get_user(len, oldlenp))
33 + size_t bufsize;
34 + if (get_user(bufsize, oldlenp))
35 return -EFAULT;
36 - if (len) {
37 - l = strlen(table->data);
38 - if (len > l) len = l;
39 - if (len >= table->maxlen)
40 + if (bufsize) {
41 + size_t len = strlen(table->data), copied;
42 +
43 + /* This shouldn't trigger for a well-formed sysctl */
44 + if (len > table->maxlen)
45 len = table->maxlen;
46 - if(copy_to_user(oldval, table->data, len))
47 - return -EFAULT;
48 - if(put_user(0, ((char __user *) oldval) + len))
49 +
50 + /* Copy up to a max of bufsize-1 bytes of the string */
51 + copied = (len >= bufsize) ? bufsize - 1 : len;
52 +
53 + if (copy_to_user(oldval, table->data, copied) ||
54 + put_user(0, (char __user *)(oldval + copied)))
55 return -EFAULT;
56 - if(put_user(len, oldlenp))
57 + if (put_user(len, oldlenp))
58 return -EFAULT;
59 }
60 }
61 if (newval && newlen) {
62 - len = newlen;
63 + size_t len = newlen;
64 if (len > table->maxlen)
65 len = table->maxlen;
66 if(copy_from_user(table->data, newval, len))
67 @@ -2222,7 +2225,7 @@ int sysctl_string(ctl_table *table, int
68 len--;
69 ((char *) table->data)[len] = 0;
70 }
71 - return 0;
72 + return 1;
73 }
74
75 /*

  ViewVC Help
Powered by ViewVC 1.1.20