diff options
Diffstat (limited to 'fs/namei.c')
-rw-r--r-- | fs/namei.c | 53 |
1 files changed, 25 insertions, 28 deletions
diff --git a/fs/namei.c b/fs/namei.c index c83145af4bfc..a5421a12bb92 100644 --- a/fs/namei.c +++ b/fs/namei.c | |||
@@ -124,10 +124,9 @@ | |||
124 | struct filename * | 124 | struct filename * |
125 | getname_flags(const char __user *filename, int flags, int *empty) | 125 | getname_flags(const char __user *filename, int flags, int *empty) |
126 | { | 126 | { |
127 | struct filename *result, *err; | 127 | struct filename *result; |
128 | int len; | ||
129 | long max; | ||
130 | char *kname; | 128 | char *kname; |
129 | int len; | ||
131 | 130 | ||
132 | result = audit_reusename(filename); | 131 | result = audit_reusename(filename); |
133 | if (result) | 132 | if (result) |
@@ -136,7 +135,6 @@ getname_flags(const char __user *filename, int flags, int *empty) | |||
136 | result = __getname(); | 135 | result = __getname(); |
137 | if (unlikely(!result)) | 136 | if (unlikely(!result)) |
138 | return ERR_PTR(-ENOMEM); | 137 | return ERR_PTR(-ENOMEM); |
139 | result->refcnt = 1; | ||
140 | 138 | ||
141 | /* | 139 | /* |
142 | * First, try to embed the struct filename inside the names_cache | 140 | * First, try to embed the struct filename inside the names_cache |
@@ -145,13 +143,11 @@ getname_flags(const char __user *filename, int flags, int *empty) | |||
145 | kname = (char *)result + sizeof(*result); | 143 | kname = (char *)result + sizeof(*result); |
146 | result->name = kname; | 144 | result->name = kname; |
147 | result->separate = false; | 145 | result->separate = false; |
148 | max = EMBEDDED_NAME_MAX; | ||
149 | 146 | ||
150 | recopy: | 147 | len = strncpy_from_user(kname, filename, EMBEDDED_NAME_MAX); |
151 | len = strncpy_from_user(kname, filename, max); | ||
152 | if (unlikely(len < 0)) { | 148 | if (unlikely(len < 0)) { |
153 | err = ERR_PTR(len); | 149 | __putname(result); |
154 | goto error; | 150 | return ERR_PTR(len); |
155 | } | 151 | } |
156 | 152 | ||
157 | /* | 153 | /* |
@@ -160,43 +156,44 @@ recopy: | |||
160 | * names_cache allocation for the pathname, and re-do the copy from | 156 | * names_cache allocation for the pathname, and re-do the copy from |
161 | * userland. | 157 | * userland. |
162 | */ | 158 | */ |
163 | if (len == EMBEDDED_NAME_MAX && max == EMBEDDED_NAME_MAX) { | 159 | if (unlikely(len == EMBEDDED_NAME_MAX)) { |
164 | kname = (char *)result; | 160 | kname = (char *)result; |
165 | 161 | ||
166 | result = kzalloc(sizeof(*result), GFP_KERNEL); | 162 | result = kzalloc(sizeof(*result), GFP_KERNEL); |
167 | if (!result) { | 163 | if (unlikely(!result)) { |
168 | err = ERR_PTR(-ENOMEM); | 164 | __putname(kname); |
169 | result = (struct filename *)kname; | 165 | return ERR_PTR(-ENOMEM); |
170 | goto error; | ||
171 | } | 166 | } |
172 | result->name = kname; | 167 | result->name = kname; |
173 | result->separate = true; | 168 | result->separate = true; |
174 | result->refcnt = 1; | 169 | len = strncpy_from_user(kname, filename, PATH_MAX); |
175 | max = PATH_MAX; | 170 | if (unlikely(len < 0)) { |
176 | goto recopy; | 171 | __putname(kname); |
172 | kfree(result); | ||
173 | return ERR_PTR(len); | ||
174 | } | ||
175 | if (unlikely(len == PATH_MAX)) { | ||
176 | __putname(kname); | ||
177 | kfree(result); | ||
178 | return ERR_PTR(-ENAMETOOLONG); | ||
179 | } | ||
177 | } | 180 | } |
178 | 181 | ||
182 | result->refcnt = 1; | ||
179 | /* The empty path is special. */ | 183 | /* The empty path is special. */ |
180 | if (unlikely(!len)) { | 184 | if (unlikely(!len)) { |
181 | if (empty) | 185 | if (empty) |
182 | *empty = 1; | 186 | *empty = 1; |
183 | err = ERR_PTR(-ENOENT); | 187 | if (!(flags & LOOKUP_EMPTY)) { |
184 | if (!(flags & LOOKUP_EMPTY)) | 188 | putname(result); |
185 | goto error; | 189 | return ERR_PTR(-ENOENT); |
190 | } | ||
186 | } | 191 | } |
187 | 192 | ||
188 | err = ERR_PTR(-ENAMETOOLONG); | ||
189 | if (unlikely(len >= PATH_MAX)) | ||
190 | goto error; | ||
191 | |||
192 | result->uptr = filename; | 193 | result->uptr = filename; |
193 | result->aname = NULL; | 194 | result->aname = NULL; |
194 | audit_getname(result); | 195 | audit_getname(result); |
195 | return result; | 196 | return result; |
196 | |||
197 | error: | ||
198 | putname(result); | ||
199 | return err; | ||
200 | } | 197 | } |
201 | 198 | ||
202 | struct filename * | 199 | struct filename * |