From: Alexandr Andreev <[EMAIL PROTECTED]> Add VERIFY_WRITE check in the beginning like compat_sys_getdents() [EINVAL vs EFAULT on ia64. EFAULT on parisc if put_user() fails. --adobriyan]
Can arch maintainers look if compat_sys_getdents() is OK for them? Signed-off-by: Alexandr Andreev <[EMAIL PROTECTED]> Signed-off-by: Alexey Dobriyan <[EMAIL PROTECTED]> --- arch/ia64/ia32/sys_ia32.c | 10 +++++++--- arch/parisc/kernel/sys_parisc32.c | 10 ++++++++-- 2 files changed, 15 insertions(+), 5 deletions(-) --- a/arch/ia64/ia32/sys_ia32.c +++ b/arch/ia64/ia32/sys_ia32.c @@ -1267,6 +1267,10 @@ sys32_getdents (unsigned int fd, struct struct getdents32_callback buf; int error; + error = -EFAULT; + if (!access_ok(VERIFY_WRITE, dirent, count)) + goto out; + error = -EBADF; file = fget(fd); if (!file) @@ -1283,10 +1287,10 @@ sys32_getdents (unsigned int fd, struct error = buf.error; lastdirent = buf.previous; if (lastdirent) { - error = -EINVAL; if (put_user(file->f_pos, &lastdirent->d_off)) - goto out_putf; - error = count - buf.count; + error = -EFAULT; + else + error = count - buf.count; } out_putf: --- a/arch/parisc/kernel/sys_parisc32.c +++ b/arch/parisc/kernel/sys_parisc32.c @@ -350,6 +350,10 @@ sys32_getdents (unsigned int fd, void __ struct getdents32_callback buf; int error; + error = -EFAULT; + if (!access_ok(VERIFY_WRITE, dirent, count)) + goto out; + error = -EBADF; file = fget(fd); if (!file) @@ -366,8 +370,10 @@ sys32_getdents (unsigned int fd, void __ error = buf.error; lastdirent = buf.previous; if (lastdirent) { - put_user(file->f_pos, &lastdirent->d_off); - error = count - buf.count; + if (put_user(file->f_pos, &lastdirent->d_off)) + error = -EFAULT; + else + error = count - buf.count; } out_putf: _______________________________________________ Devel mailing list Devel@openvz.org https://openvz.org/mailman/listinfo/devel