aboutsummaryrefslogtreecommitdiffstats
path: root/kernel
diff options
context:
space:
mode:
authorLinus Torvalds <torvalds@g5.osdl.org>2005-12-31 20:00:29 -0500
committerLinus Torvalds <torvalds@g5.osdl.org>2005-12-31 20:00:29 -0500
commitde9e007d9105bf8fa613a89810feff32a43add03 (patch)
treeef7805d1e03e8648fbaca3713d1a749c27770339 /kernel
parent35f349ee082de0be45eb23926d9fc7569f5011f0 (diff)
sysctl: make sure to terminate strings with a NUL
This is a slightly more complete fix for the previous minimal sysctl string fix. It always terminates the returned string with a NUL, even if the full result wouldn't fit in the user-supplied buffer. The returned length is the full untruncated length, so that you can tell when truncation has occurred. Signed-off-by: Linus Torvalds <torvalds@osdl.org>
Diffstat (limited to 'kernel')
-rw-r--r--kernel/sysctl.c25
1 files changed, 15 insertions, 10 deletions
diff --git a/kernel/sysctl.c b/kernel/sysctl.c
index e5102ea6e104..b53115b882e1 100644
--- a/kernel/sysctl.c
+++ b/kernel/sysctl.c
@@ -2192,27 +2192,32 @@ int sysctl_string(ctl_table *table, int __user *name, int nlen,
2192 void __user *oldval, size_t __user *oldlenp, 2192 void __user *oldval, size_t __user *oldlenp,
2193 void __user *newval, size_t newlen, void **context) 2193 void __user *newval, size_t newlen, void **context)
2194{ 2194{
2195 size_t l, len;
2196
2197 if (!table->data || !table->maxlen) 2195 if (!table->data || !table->maxlen)
2198 return -ENOTDIR; 2196 return -ENOTDIR;
2199 2197
2200 if (oldval && oldlenp) { 2198 if (oldval && oldlenp) {
2201 if (get_user(len, oldlenp)) 2199 size_t bufsize;
2200 if (get_user(bufsize, oldlenp))
2202 return -EFAULT; 2201 return -EFAULT;
2203 if (len) { 2202 if (bufsize) {
2204 l = strlen(table->data)+1; 2203 size_t len = strlen(table->data), copied;
2205 if (len > l) len = l; 2204
2206 if (len >= table->maxlen) 2205 /* This shouldn't trigger for a well-formed sysctl */
2206 if (len > table->maxlen)
2207 len = table->maxlen; 2207 len = table->maxlen;
2208 if(copy_to_user(oldval, table->data, len)) 2208
2209 /* Copy up to a max of bufsize-1 bytes of the string */
2210 copied = (len >= bufsize) ? bufsize - 1 : len;
2211
2212 if (copy_to_user(oldval, table->data, copied) ||
2213 put_user(0, (char __user *)(oldval + copied)))
2209 return -EFAULT; 2214 return -EFAULT;
2210 if(put_user(len, oldlenp)) 2215 if (put_user(len, oldlenp))
2211 return -EFAULT; 2216 return -EFAULT;
2212 } 2217 }
2213 } 2218 }
2214 if (newval && newlen) { 2219 if (newval && newlen) {
2215 len = newlen; 2220 size_t len = newlen;
2216 if (len > table->maxlen) 2221 if (len > table->maxlen)
2217 len = table->maxlen; 2222 len = table->maxlen;
2218 if(copy_from_user(table->data, newval, len)) 2223 if(copy_from_user(table->data, newval, len))