aboutsummaryrefslogtreecommitdiffstats
path: root/arch/parisc/hpux/fs.c
diff options
context:
space:
mode:
authorAl Viro <viro@zeniv.linux.org.uk>2008-08-12 00:04:22 -0400
committerAl Viro <viro@zeniv.linux.org.uk>2008-08-25 01:18:07 -0400
commitda574983de9f9283ba35662c8723627096e160de (patch)
tree8e8b71b2a5eace01a3ed1975058de1f51a689e4f /arch/parisc/hpux/fs.c
parent645e68ed4d14272f0b47e2474f90577191bef781 (diff)
[PATCH] fix hpux_getdents()
Missing checks for -EFAULT, broken handling of overflow. Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
Diffstat (limited to 'arch/parisc/hpux/fs.c')
-rw-r--r--arch/parisc/hpux/fs.c30
1 files changed, 19 insertions, 11 deletions
diff --git a/arch/parisc/hpux/fs.c b/arch/parisc/hpux/fs.c
index 1263f00dc35d..69ff671498e5 100644
--- a/arch/parisc/hpux/fs.c
+++ b/arch/parisc/hpux/fs.c
@@ -84,22 +84,28 @@ static int filldir(void * __buf, const char * name, int namlen, loff_t offset,
84 if (reclen > buf->count) 84 if (reclen > buf->count)
85 return -EINVAL; 85 return -EINVAL;
86 d_ino = ino; 86 d_ino = ino;
87 if (sizeof(d_ino) < sizeof(ino) && d_ino != ino) 87 if (sizeof(d_ino) < sizeof(ino) && d_ino != ino) {
88 buf->error = -EOVERFLOW;
88 return -EOVERFLOW; 89 return -EOVERFLOW;
90 }
89 dirent = buf->previous; 91 dirent = buf->previous;
90 if (dirent) 92 if (dirent)
91 put_user(offset, &dirent->d_off); 93 if (put_user(offset, &dirent->d_off))
94 goto Efault;
92 dirent = buf->current_dir; 95 dirent = buf->current_dir;
96 if (put_user(d_ino, &dirent->d_ino) ||
97 put_user(reclen, &dirent->d_reclen) ||
98 put_user(namlen, &dirent->d_namlen) ||
99 copy_to_user(dirent->d_name, name, namlen) ||
100 put_user(0, dirent->d_name + namlen))
101 goto Efault;
93 buf->previous = dirent; 102 buf->previous = dirent;
94 put_user(d_ino, &dirent->d_ino); 103 buf->current_dir = (void __user *)dirent + reclen;
95 put_user(reclen, &dirent->d_reclen);
96 put_user(namlen, &dirent->d_namlen);
97 copy_to_user(dirent->d_name, name, namlen);
98 put_user(0, dirent->d_name + namlen);
99 dirent = (void __user *)dirent + reclen;
100 buf->current_dir = dirent;
101 buf->count -= reclen; 104 buf->count -= reclen;
102 return 0; 105 return 0;
106Efault:
107 buffer->error = -EFAULT;
108 return -EFAULT;
103} 109}
104 110
105#undef NAME_OFFSET 111#undef NAME_OFFSET
@@ -126,8 +132,10 @@ int hpux_getdents(unsigned int fd, struct hpux_dirent __user *dirent, unsigned i
126 error = buf.error; 132 error = buf.error;
127 lastdirent = buf.previous; 133 lastdirent = buf.previous;
128 if (lastdirent) { 134 if (lastdirent) {
129 put_user(file->f_pos, &lastdirent->d_off); 135 if (put_user(file->f_pos, &lastdirent->d_off))
130 error = count - buf.count; 136 error = -EFAULT;
137 else
138 error = count - buf.count;
131 } 139 }
132 140
133out_putf: 141out_putf: