diff options
author | Oleg Nesterov <oleg@redhat.com> | 2011-03-06 12:02:21 -0500 |
---|---|---|
committer | Oleg Nesterov <oleg@redhat.com> | 2011-04-09 09:53:45 -0400 |
commit | 1d1dbf8135ab2f3603cc72e39e0f68784f453c39 (patch) | |
tree | e30b04b64f92a55200aab62d414fb1378f7bfaab | |
parent | bb3c90f0de7b34995b5e35cf5dc97a3d428b3761 (diff) |
exec: introduce get_user_arg_ptr() helper
Introduce get_user_arg_ptr() helper, convert count() and copy_strings()
to use it.
No functional changes, preparation. This helper is trivial, it just
reads the pointer from argv/envp user-space array.
Signed-off-by: Oleg Nesterov <oleg@redhat.com>
Reviewed-by: KOSAKI Motohiro <kosaki.motohiro@jp.fujitsu.com>
Tested-by: KOSAKI Motohiro <kosaki.motohiro@jp.fujitsu.com>
-rw-r--r-- | fs/exec.c | 36 |
1 files changed, 25 insertions, 11 deletions
@@ -398,6 +398,17 @@ err: | |||
398 | return err; | 398 | return err; |
399 | } | 399 | } |
400 | 400 | ||
401 | static const char __user * | ||
402 | get_user_arg_ptr(const char __user * const __user *argv, int nr) | ||
403 | { | ||
404 | const char __user *ptr; | ||
405 | |||
406 | if (get_user(ptr, argv + nr)) | ||
407 | return ERR_PTR(-EFAULT); | ||
408 | |||
409 | return ptr; | ||
410 | } | ||
411 | |||
401 | /* | 412 | /* |
402 | * count() counts the number of strings in array ARGV. | 413 | * count() counts the number of strings in array ARGV. |
403 | */ | 414 | */ |
@@ -407,13 +418,14 @@ static int count(const char __user * const __user * argv, int max) | |||
407 | 418 | ||
408 | if (argv != NULL) { | 419 | if (argv != NULL) { |
409 | for (;;) { | 420 | for (;;) { |
410 | const char __user * p; | 421 | const char __user *p = get_user_arg_ptr(argv, i); |
411 | 422 | ||
412 | if (get_user(p, argv)) | ||
413 | return -EFAULT; | ||
414 | if (!p) | 423 | if (!p) |
415 | break; | 424 | break; |
416 | argv++; | 425 | |
426 | if (IS_ERR(p)) | ||
427 | return -EFAULT; | ||
428 | |||
417 | if (i++ >= max) | 429 | if (i++ >= max) |
418 | return -E2BIG; | 430 | return -E2BIG; |
419 | 431 | ||
@@ -443,16 +455,18 @@ static int copy_strings(int argc, const char __user *const __user *argv, | |||
443 | int len; | 455 | int len; |
444 | unsigned long pos; | 456 | unsigned long pos; |
445 | 457 | ||
446 | if (get_user(str, argv+argc) || | 458 | ret = -EFAULT; |
447 | !(len = strnlen_user(str, MAX_ARG_STRLEN))) { | 459 | str = get_user_arg_ptr(argv, argc); |
448 | ret = -EFAULT; | 460 | if (IS_ERR(str)) |
449 | goto out; | 461 | goto out; |
450 | } | ||
451 | 462 | ||
452 | if (!valid_arg_len(bprm, len)) { | 463 | len = strnlen_user(str, MAX_ARG_STRLEN); |
453 | ret = -E2BIG; | 464 | if (!len) |
465 | goto out; | ||
466 | |||
467 | ret = -E2BIG; | ||
468 | if (!valid_arg_len(bprm, len)) | ||
454 | goto out; | 469 | goto out; |
455 | } | ||
456 | 470 | ||
457 | /* We're going to work our way backwords. */ | 471 | /* We're going to work our way backwords. */ |
458 | pos = bprm->p; | 472 | pos = bprm->p; |