diff options
author | Al Viro <viro@zeniv.linux.org.uk> | 2008-08-12 00:04:22 -0400 |
---|---|---|
committer | Al Viro <viro@zeniv.linux.org.uk> | 2008-08-25 01:18:07 -0400 |
commit | da574983de9f9283ba35662c8723627096e160de (patch) | |
tree | 8e8b71b2a5eace01a3ed1975058de1f51a689e4f | |
parent | 645e68ed4d14272f0b47e2474f90577191bef781 (diff) |
[PATCH] fix hpux_getdents()
Missing checks for -EFAULT, broken handling of overflow.
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
-rw-r--r-- | arch/parisc/hpux/fs.c | 30 |
1 files changed, 19 insertions, 11 deletions
diff --git a/arch/parisc/hpux/fs.c b/arch/parisc/hpux/fs.c index 1263f00dc35d..69ff671498e5 100644 --- a/arch/parisc/hpux/fs.c +++ b/arch/parisc/hpux/fs.c | |||
@@ -84,22 +84,28 @@ static int filldir(void * __buf, const char * name, int namlen, loff_t offset, | |||
84 | if (reclen > buf->count) | 84 | if (reclen > buf->count) |
85 | return -EINVAL; | 85 | return -EINVAL; |
86 | d_ino = ino; | 86 | d_ino = ino; |
87 | if (sizeof(d_ino) < sizeof(ino) && d_ino != ino) | 87 | if (sizeof(d_ino) < sizeof(ino) && d_ino != ino) { |
88 | buf->error = -EOVERFLOW; | ||
88 | return -EOVERFLOW; | 89 | return -EOVERFLOW; |
90 | } | ||
89 | dirent = buf->previous; | 91 | dirent = buf->previous; |
90 | if (dirent) | 92 | if (dirent) |
91 | put_user(offset, &dirent->d_off); | 93 | if (put_user(offset, &dirent->d_off)) |
94 | goto Efault; | ||
92 | dirent = buf->current_dir; | 95 | dirent = buf->current_dir; |
96 | if (put_user(d_ino, &dirent->d_ino) || | ||
97 | put_user(reclen, &dirent->d_reclen) || | ||
98 | put_user(namlen, &dirent->d_namlen) || | ||
99 | copy_to_user(dirent->d_name, name, namlen) || | ||
100 | put_user(0, dirent->d_name + namlen)) | ||
101 | goto Efault; | ||
93 | buf->previous = dirent; | 102 | buf->previous = dirent; |
94 | put_user(d_ino, &dirent->d_ino); | 103 | buf->current_dir = (void __user *)dirent + reclen; |
95 | put_user(reclen, &dirent->d_reclen); | ||
96 | put_user(namlen, &dirent->d_namlen); | ||
97 | copy_to_user(dirent->d_name, name, namlen); | ||
98 | put_user(0, dirent->d_name + namlen); | ||
99 | dirent = (void __user *)dirent + reclen; | ||
100 | buf->current_dir = dirent; | ||
101 | buf->count -= reclen; | 104 | buf->count -= reclen; |
102 | return 0; | 105 | return 0; |
106 | Efault: | ||
107 | buffer->error = -EFAULT; | ||
108 | return -EFAULT; | ||
103 | } | 109 | } |
104 | 110 | ||
105 | #undef NAME_OFFSET | 111 | #undef NAME_OFFSET |
@@ -126,8 +132,10 @@ int hpux_getdents(unsigned int fd, struct hpux_dirent __user *dirent, unsigned i | |||
126 | error = buf.error; | 132 | error = buf.error; |
127 | lastdirent = buf.previous; | 133 | lastdirent = buf.previous; |
128 | if (lastdirent) { | 134 | if (lastdirent) { |
129 | put_user(file->f_pos, &lastdirent->d_off); | 135 | if (put_user(file->f_pos, &lastdirent->d_off)) |
130 | error = count - buf.count; | 136 | error = -EFAULT; |
137 | else | ||
138 | error = count - buf.count; | ||
131 | } | 139 | } |
132 | 140 | ||
133 | out_putf: | 141 | out_putf: |