From da574983de9f9283ba35662c8723627096e160de Mon Sep 17 00:00:00 2001 From: Al Viro Date: Tue, 12 Aug 2008 00:04:22 -0400 Subject: [PATCH] fix hpux_getdents() Missing checks for -EFAULT, broken handling of overflow. Signed-off-by: Al Viro --- arch/parisc/hpux/fs.c | 30 +++++++++++++++++++----------- 1 file changed, 19 insertions(+), 11 deletions(-) (limited to 'arch/parisc/hpux') diff --git a/arch/parisc/hpux/fs.c b/arch/parisc/hpux/fs.c index 1263f00..69ff671 100644 --- a/arch/parisc/hpux/fs.c +++ b/arch/parisc/hpux/fs.c @@ -84,22 +84,28 @@ static int filldir(void * __buf, const char * name, int namlen, loff_t offset, if (reclen > buf->count) return -EINVAL; d_ino = ino; - if (sizeof(d_ino) < sizeof(ino) && d_ino != ino) + if (sizeof(d_ino) < sizeof(ino) && d_ino != ino) { + buf->error = -EOVERFLOW; return -EOVERFLOW; + } dirent = buf->previous; if (dirent) - put_user(offset, &dirent->d_off); + if (put_user(offset, &dirent->d_off)) + goto Efault; dirent = buf->current_dir; + if (put_user(d_ino, &dirent->d_ino) || + put_user(reclen, &dirent->d_reclen) || + put_user(namlen, &dirent->d_namlen) || + copy_to_user(dirent->d_name, name, namlen) || + put_user(0, dirent->d_name + namlen)) + goto Efault; buf->previous = dirent; - put_user(d_ino, &dirent->d_ino); - put_user(reclen, &dirent->d_reclen); - put_user(namlen, &dirent->d_namlen); - copy_to_user(dirent->d_name, name, namlen); - put_user(0, dirent->d_name + namlen); - dirent = (void __user *)dirent + reclen; - buf->current_dir = dirent; + buf->current_dir = (void __user *)dirent + reclen; buf->count -= reclen; return 0; +Efault: + buffer->error = -EFAULT; + return -EFAULT; } #undef NAME_OFFSET @@ -126,8 +132,10 @@ int hpux_getdents(unsigned int fd, struct hpux_dirent __user *dirent, unsigned i error = buf.error; lastdirent = buf.previous; if (lastdirent) { - put_user(file->f_pos, &lastdirent->d_off); - error = count - buf.count; + if (put_user(file->f_pos, &lastdirent->d_off)) + error = -EFAULT; + else + error = count - buf.count; } out_putf: -- cgit v1.1