diff options
author | Robin Getz <robin.getz@analog.com> | 2009-06-03 20:32:59 -0400 |
---|---|---|
committer | Mike Frysinger <vapier@gentoo.org> | 2009-06-12 06:12:02 -0400 |
commit | a8372b5ca618d4ea41b3c7ac3cef8dd6efa68bc6 (patch) | |
tree | 644ce05a655aef5082d614309afc4b6655a30a48 /arch/blackfin | |
parent | 685a694f0653b7db49f663b2cd6953695214fb30 (diff) |
Blackfin: add missing access_ok() checks to user functions
The core string/clear user functions weren't checking the user pointers
which caused kernel crashes with some bad programs and tests (like LTP).
Signed-off-by: Robin Getz <robin.getz@analog.com>
Signed-off-by: Mike Frysinger <vapier@gentoo.org>
Diffstat (limited to 'arch/blackfin')
-rw-r--r-- | arch/blackfin/include/asm/uaccess.h | 25 |
1 files changed, 20 insertions, 5 deletions
diff --git a/arch/blackfin/include/asm/uaccess.h b/arch/blackfin/include/asm/uaccess.h index 3248033531e6..97729be98948 100644 --- a/arch/blackfin/include/asm/uaccess.h +++ b/arch/blackfin/include/asm/uaccess.h | |||
@@ -233,16 +233,29 @@ strncpy_from_user(char *dst, const char *src, long count) | |||
233 | } | 233 | } |
234 | 234 | ||
235 | /* | 235 | /* |
236 | * Return the size of a string (including the ending 0) | 236 | * Get the size of a string in user space. |
237 | * src: The string to measure | ||
238 | * n: The maximum valid length | ||
237 | * | 239 | * |
238 | * Return 0 on exception, a value greater than N if too long | 240 | * Get the size of a NUL-terminated string in user space. |
241 | * | ||
242 | * Returns the size of the string INCLUDING the terminating NUL. | ||
243 | * On exception, returns 0. | ||
244 | * If the string is too long, returns a value greater than n. | ||
239 | */ | 245 | */ |
240 | static inline long strnlen_user(const char *src, long n) | 246 | static inline long __must_check strnlen_user(const char *src, long n) |
241 | { | 247 | { |
242 | return (strlen(src) + 1); | 248 | if (!access_ok(VERIFY_READ, src, 1)) |
249 | return 0; | ||
250 | return strnlen(src, n) + 1; | ||
243 | } | 251 | } |
244 | 252 | ||
245 | #define strlen_user(str) strnlen_user(str, 32767) | 253 | static inline long __must_check strlen_user(const char *src) |
254 | { | ||
255 | if (!access_ok(VERIFY_READ, src, 1)) | ||
256 | return 0; | ||
257 | return strlen(src) + 1; | ||
258 | } | ||
246 | 259 | ||
247 | /* | 260 | /* |
248 | * Zero Userspace | 261 | * Zero Userspace |
@@ -251,6 +264,8 @@ static inline long strnlen_user(const char *src, long n) | |||
251 | static inline unsigned long __must_check | 264 | static inline unsigned long __must_check |
252 | __clear_user(void *to, unsigned long n) | 265 | __clear_user(void *to, unsigned long n) |
253 | { | 266 | { |
267 | if (!access_ok(VERIFY_WRITE, to, n)) | ||
268 | return n; | ||
254 | memset(to, 0, n); | 269 | memset(to, 0, n); |
255 | return 0; | 270 | return 0; |
256 | } | 271 | } |