Commit 816931f9 authored by Petr Vandrovec's avatar Petr Vandrovec Committed by Linus Torvalds

[PATCH] new sysctl checking accesses userspace directly

The recent change from Andi breaks here: tmp.name is user pointer, not
array in __sysctl_args, and so it is better to access it through
copy_from_user instead of directly.
parent 692dd963
...@@ -848,17 +848,25 @@ int do_sysctl(int __user *name, int nlen, void __user *oldval, size_t __user *ol ...@@ -848,17 +848,25 @@ int do_sysctl(int __user *name, int nlen, void __user *oldval, size_t __user *ol
asmlinkage long sys_sysctl(struct __sysctl_args __user *args) asmlinkage long sys_sysctl(struct __sysctl_args __user *args)
{ {
struct __sysctl_args tmp; struct __sysctl_args tmp;
int name[2];
int error; int error;
if (copy_from_user(&tmp, args, sizeof(tmp))) if (copy_from_user(&tmp, args, sizeof(tmp)))
return -EFAULT; return -EFAULT;
if (tmp.nlen != 2 || tmp.name[0] != CTL_KERN || if (tmp.nlen != 2 || copy_from_user(name, tmp.name, sizeof(name)) ||
tmp.name[1] != KERN_VERSION) { name[0] != CTL_KERN || name[1] != KERN_VERSION) {
int i; int i;
printk(KERN_INFO "%s: numerical sysctl ", current->comm); printk(KERN_INFO "%s: numerical sysctl ", current->comm);
for (i = 0; i < tmp.nlen; i++) for (i = 0; i < tmp.nlen; i++) {
printk("%d ", tmp.name[i]); int n;
if (get_user(n, tmp.name+i)) {
printk("? ");
} else {
printk("%d ", n);
}
}
printk("is obsolete.\n"); printk("is obsolete.\n");
} }
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment