aboutsummaryrefslogtreecommitdiffstats
path: root/arch
diff options
context:
space:
mode:
authorAl Viro <viro@zeniv.linux.org.uk>2008-08-12 00:04:22 -0400
committerAl Viro <viro@zeniv.linux.org.uk>2008-08-25 01:18:07 -0400
commitda574983de9f9283ba35662c8723627096e160de (patch)
tree8e8b71b2a5eace01a3ed1975058de1f51a689e4f /arch
parent645e68ed4d14272f0b47e2474f90577191bef781 (diff)
downloadkernel_goldelico_gta04-da574983de9f9283ba35662c8723627096e160de.zip
kernel_goldelico_gta04-da574983de9f9283ba35662c8723627096e160de.tar.gz
kernel_goldelico_gta04-da574983de9f9283ba35662c8723627096e160de.tar.bz2
[PATCH] fix hpux_getdents()
Missing checks for -EFAULT, broken handling of overflow. Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
Diffstat (limited to 'arch')
-rw-r--r--arch/parisc/hpux/fs.c30
1 files changed, 19 insertions, 11 deletions
diff --git a/arch/parisc/hpux/fs.c b/arch/parisc/hpux/fs.c
index 1263f00..69ff671 100644
--- a/arch/parisc/hpux/fs.c
+++ b/arch/parisc/hpux/fs.c
@@ -84,22 +84,28 @@ static int filldir(void * __buf, const char * name, int namlen, loff_t offset,
if (reclen > buf->count)
return -EINVAL;
d_ino = ino;
- if (sizeof(d_ino) < sizeof(ino) && d_ino != ino)
+ if (sizeof(d_ino) < sizeof(ino) && d_ino != ino) {
+ buf->error = -EOVERFLOW;
return -EOVERFLOW;
+ }
dirent = buf->previous;
if (dirent)
- put_user(offset, &dirent->d_off);
+ if (put_user(offset, &dirent->d_off))
+ goto Efault;
dirent = buf->current_dir;
+ if (put_user(d_ino, &dirent->d_ino) ||
+ put_user(reclen, &dirent->d_reclen) ||
+ put_user(namlen, &dirent->d_namlen) ||
+ copy_to_user(dirent->d_name, name, namlen) ||
+ put_user(0, dirent->d_name + namlen))
+ goto Efault;
buf->previous = dirent;
- put_user(d_ino, &dirent->d_ino);
- put_user(reclen, &dirent->d_reclen);
- put_user(namlen, &dirent->d_namlen);
- copy_to_user(dirent->d_name, name, namlen);
- put_user(0, dirent->d_name + namlen);
- dirent = (void __user *)dirent + reclen;
- buf->current_dir = dirent;
+ buf->current_dir = (void __user *)dirent + reclen;
buf->count -= reclen;
return 0;
+Efault:
+ buffer->error = -EFAULT;
+ return -EFAULT;
}
#undef NAME_OFFSET
@@ -126,8 +132,10 @@ int hpux_getdents(unsigned int fd, struct hpux_dirent __user *dirent, unsigned i
error = buf.error;
lastdirent = buf.previous;
if (lastdirent) {
- put_user(file->f_pos, &lastdirent->d_off);
- error = count - buf.count;
+ if (put_user(file->f_pos, &lastdirent->d_off))
+ error = -EFAULT;
+ else
+ error = count - buf.count;
}
out_putf: