diff options
author | Al Viro <viro@zeniv.linux.org.uk> | 2008-08-12 00:04:22 -0400 |
---|---|---|
committer | Al Viro <viro@zeniv.linux.org.uk> | 2008-08-25 01:18:07 -0400 |
commit | da574983de9f9283ba35662c8723627096e160de (patch) | |
tree | 8e8b71b2a5eace01a3ed1975058de1f51a689e4f /arch/parisc/hpux | |
parent | 645e68ed4d14272f0b47e2474f90577191bef781 (diff) | |
download | kernel_goldelico_gta04-da574983de9f9283ba35662c8723627096e160de.zip kernel_goldelico_gta04-da574983de9f9283ba35662c8723627096e160de.tar.gz kernel_goldelico_gta04-da574983de9f9283ba35662c8723627096e160de.tar.bz2 |
[PATCH] fix hpux_getdents()
Missing checks for -EFAULT, broken handling of overflow.
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
Diffstat (limited to 'arch/parisc/hpux')
-rw-r--r-- | arch/parisc/hpux/fs.c | 30 |
1 files changed, 19 insertions, 11 deletions
diff --git a/arch/parisc/hpux/fs.c b/arch/parisc/hpux/fs.c index 1263f00..69ff671 100644 --- a/arch/parisc/hpux/fs.c +++ b/arch/parisc/hpux/fs.c @@ -84,22 +84,28 @@ static int filldir(void * __buf, const char * name, int namlen, loff_t offset, if (reclen > buf->count) return -EINVAL; d_ino = ino; - if (sizeof(d_ino) < sizeof(ino) && d_ino != ino) + if (sizeof(d_ino) < sizeof(ino) && d_ino != ino) { + buf->error = -EOVERFLOW; return -EOVERFLOW; + } dirent = buf->previous; if (dirent) - put_user(offset, &dirent->d_off); + if (put_user(offset, &dirent->d_off)) + goto Efault; dirent = buf->current_dir; + if (put_user(d_ino, &dirent->d_ino) || + put_user(reclen, &dirent->d_reclen) || + put_user(namlen, &dirent->d_namlen) || + copy_to_user(dirent->d_name, name, namlen) || + put_user(0, dirent->d_name + namlen)) + goto Efault; buf->previous = dirent; - put_user(d_ino, &dirent->d_ino); - put_user(reclen, &dirent->d_reclen); - put_user(namlen, &dirent->d_namlen); - copy_to_user(dirent->d_name, name, namlen); - put_user(0, dirent->d_name + namlen); - dirent = (void __user *)dirent + reclen; - buf->current_dir = dirent; + buf->current_dir = (void __user *)dirent + reclen; buf->count -= reclen; return 0; +Efault: + buffer->error = -EFAULT; + return -EFAULT; } #undef NAME_OFFSET @@ -126,8 +132,10 @@ int hpux_getdents(unsigned int fd, struct hpux_dirent __user *dirent, unsigned i error = buf.error; lastdirent = buf.previous; if (lastdirent) { - put_user(file->f_pos, &lastdirent->d_off); - error = count - buf.count; + if (put_user(file->f_pos, &lastdirent->d_off)) + error = -EFAULT; + else + error = count - buf.count; } out_putf: |