/proc/*/environ: wrong placing of ptrace_may_attach() check

It's a bit dopey-looking and can permit a task to cause a pagefault in an mm which it doesn't have permission to read from. Signed-off-by: Alexey Dobriyan <adobriyan@sw.ru> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
author: Alexey Dobriyan <adobriyan@sw.ru> 2007-07-16 02:40:21 -0400
committer: Linus Torvalds <torvalds@woody.linux-foundation.org> 2007-07-16 12:05:44 -0400
commit: da58a1617343e345d435953a0f32024997a95164 (patch)
tree: 12a0ad4a92221d38dd8846f63063a8414c44655d
parent: 7126dd0562c78fa393a53120155e9b265cc68f9d (diff)
1 files changed, 8 insertions, 3 deletions
diff --git a/fs/proc/base.c b/fs/proc/base.c
index 46ea5d56e1bb..d0921944e68c 100644
--- a/fs/proc/base.c
+++ b/fs/proc/base.c
@@ -204,12 +204,17 @@ static int proc_pid_environ(struct task_struct *task, char * buffer)
        int res = 0;
        struct mm_struct *mm = get_task_mm(task);
        if (mm) {
-                unsigned int len = mm->env_end - mm->env_start;
+                unsigned int len;
+                res = -ESRCH;
+                if (!ptrace_may_attach(task))
+                        goto out;
+                len  = mm->env_end - mm->env_start;
                if (len > PAGE_SIZE)
                        len = PAGE_SIZE;
                res = access_process_vm(task, mm->env_start, buffer, len, 0);
-                if (!ptrace_may_attach(task))
+out:
-                        res = -ESRCH;
                mmput(mm);
        }
        return res;
author	Alexey Dobriyan <adobriyan@sw.ru>	2007-07-16 02:40:21 -0400
committer	Linus Torvalds <torvalds@woody.linux-foundation.org>	2007-07-16 12:05:44 -0400
commit	da58a1617343e345d435953a0f32024997a95164 (patch)
tree	12a0ad4a92221d38dd8846f63063a8414c44655d
parent	7126dd0562c78fa393a53120155e9b265cc68f9d (diff)