[ Please pull from git://git.xenomai.org/xenomai-jki.git for-upstream ]

Add missing range checks for select parameters and refactor the code.

Signed-off-by: Jan Kiszka <jan.kis...@siemens.com>
---

 ksrc/skins/posix/syscall.c |   17 ++++++++++-------
 1 files changed, 10 insertions(+), 7 deletions(-)

diff --git a/ksrc/skins/posix/syscall.c b/ksrc/skins/posix/syscall.c
index c7950a6..4a5830e 100644
--- a/ksrc/skins/posix/syscall.c
+++ b/ksrc/skins/posix/syscall.c
@@ -2345,15 +2345,17 @@ static int __select(struct pt_regs *regs)
        struct timeval tv;
        pthread_t thread;
        int i, err, nfds;
+       size_t fds_size;
 
        thread = pse51_current_thread();
        if (!thread)
                return -EPERM;
 
        if (__xn_reg_arg5(regs)) {
-               if (__xn_copy_from_user(&tv,
-                                       (void __user *)__xn_reg_arg5(regs),
-                                       sizeof(tv)))
+               if (!access_wok((void __user *)__xn_reg_arg5(regs), sizeof(tv))
+                   || __xn_copy_from_user(&tv,
+                                          (void __user *)__xn_reg_arg5(regs),
+                                          sizeof(tv)))
                        return -EFAULT;
 
                if (tv.tv_usec > 1000000)
@@ -2364,15 +2366,16 @@ static int __select(struct pt_regs *regs)
        }
 
        nfds = __xn_reg_arg1(regs);
+       fds_size = __FDELT(nfds + __NFDBITS - 1) * sizeof(long);
 
        for (i = 0; i < XNSELECT_MAX_TYPES; i++)
                if (ufd_sets[i]) {
                        in_fds[i] = &in_fds_storage[i];
                        out_fds[i] = & out_fds_storage[i];
-                       if (__xn_copy_from_user(in_fds[i],
-                                               (void __user *) ufd_sets[i],
-                                               __FDELT(nfds + __NFDBITS - 1)
-                                               * sizeof(long)))
+                       if (!access_wok((void __user *) ufd_sets[i], fds_size)
+                           || __xn_copy_from_user(in_fds[i],
+                                                  (void __user *) ufd_sets[i],
+                                                  fds_size))
                                return -EFAULT;
                }
 

Attachment: signature.asc
Description: OpenPGP digital signature

_______________________________________________
Xenomai-core mailing list
Xenomai-core@gna.org
https://mail.gna.org/listinfo/xenomai-core

Reply via email to