diff options
| author | Linus Torvalds <torvalds@osdl.org> | 2005-12-30 21:59:41 -0800 |
|---|---|---|
| committer | Chris Wright <chrisw@sous-sol.org> | 2006-01-07 18:15:08 -0800 |
| commit | 002cf2a8adbb7b9d9911f410e2db78c7a3798d14 (patch) | |
| tree | 5866980db57bdc4cb4320c77ec5678d851f6ca81 | |
| parent | eb558037b4bb4d965eb36df1def531ce7899254e (diff) | |
[PATCH] sysctl: make sure to terminate strings with a NUL
This is a slightly more complete fix for the previous minimal sysctl
string fix. It always terminates the returned string with a NUL, even
if the full result wouldn't fit in the user-supplied buffer.
The returned length is the full untruncated length, so that you can
tell when truncation has occurred.
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
[chrisw: inclusive of minimal fix so it's same as upstream]
Signed-off-by: Chris Wright <chrisw@sous-sol.org>
| -rw-r--r-- | kernel/sysctl.c | 29 |
1 files changed, 16 insertions, 13 deletions
diff --git a/kernel/sysctl.c b/kernel/sysctl.c index b90dba78a6e1..eebedca76a46 100644 --- a/kernel/sysctl.c +++ b/kernel/sysctl.c @@ -2191,29 +2191,32 @@ int sysctl_string(ctl_table *table, int __user *name, int nlen, void __user *oldval, size_t __user *oldlenp, void __user *newval, size_t newlen, void **context) { - size_t l, len; - if (!table->data || !table->maxlen) return -ENOTDIR; if (oldval && oldlenp) { - if (get_user(len, oldlenp)) + size_t bufsize; + if (get_user(bufsize, oldlenp)) return -EFAULT; - if (len) { - l = strlen(table->data); - if (len > l) len = l; - if (len >= table->maxlen) + if (bufsize) { + size_t len = strlen(table->data), copied; + + /* This shouldn't trigger for a well-formed sysctl */ + if (len > table->maxlen) len = table->maxlen; - if(copy_to_user(oldval, table->data, len)) - return -EFAULT; - if(put_user(0, ((char __user *) oldval) + len)) + + /* Copy up to a max of bufsize-1 bytes of the string */ + copied = (len >= bufsize) ? bufsize - 1 : len; + + if (copy_to_user(oldval, table->data, copied) || + put_user(0, (char __user *)(oldval + copied))) return -EFAULT; - if(put_user(len, oldlenp)) + if (put_user(len, oldlenp)) return -EFAULT; } } if (newval && newlen) { - len = newlen; + size_t len = newlen; if (len > table->maxlen) len = table->maxlen; if(copy_from_user(table->data, newval, len)) @@ -2222,7 +2225,7 @@ int sysctl_string(ctl_table *table, int __user *name, int nlen, len--; ((char *) table->data)[len] = 0; } - return 0; + return 1; } /* |