From 645e68ed4d14272f0b47e2474f90577191bef781 Mon Sep 17 00:00:00 2001 From: Al Viro Date: Mon, 11 Aug 2008 23:51:22 -0400 Subject: [PATCH] fix osf_getdirents() Return value of filldir callback is just "should we stop here"; it's not a usable channel for passing error values (i.e. ->readdir() will forget anything except "is it non-zero"). Signed-off-by: Al Viro --- arch/alpha/kernel/osf_sys.c | 19 ++++++++++++------- 1 file changed, 12 insertions(+), 7 deletions(-) (limited to 'arch') diff --git a/arch/alpha/kernel/osf_sys.c b/arch/alpha/kernel/osf_sys.c index 6e943135f0e0..8509dad31204 100644 --- a/arch/alpha/kernel/osf_sys.c +++ b/arch/alpha/kernel/osf_sys.c @@ -121,24 +121,29 @@ osf_filldir(void *__buf, const char *name, int namlen, loff_t offset, if (reclen > buf->count) return -EINVAL; d_ino = ino; - if (sizeof(d_ino) < sizeof(ino) && d_ino != ino) + if (sizeof(d_ino) < sizeof(ino) && d_ino != ino) { + buf->error = -EOVERFLOW; return -EOVERFLOW; + } if (buf->basep) { if (put_user(offset, buf->basep)) - return -EFAULT; + goto Efault; buf->basep = NULL; } dirent = buf->dirent; - put_user(d_ino, &dirent->d_ino); - put_user(namlen, &dirent->d_namlen); - put_user(reclen, &dirent->d_reclen); - if (copy_to_user(dirent->d_name, name, namlen) || + if (put_user(d_ino, &dirent->d_ino) || + put_user(namlen, &dirent->d_namlen) || + put_user(reclen, &dirent->d_reclen) || + copy_to_user(dirent->d_name, name, namlen) || put_user(0, dirent->d_name + namlen)) - return -EFAULT; + goto Efault; dirent = (void __user *)dirent + reclen; buf->dirent = dirent; buf->count -= reclen; return 0; +Efault: + buf->error = -EFAULT; + return -EFAULT; } asmlinkage int -- cgit v1.2.2 From da574983de9f9283ba35662c8723627096e160de Mon Sep 17 00:00:00 2001 From: Al Viro Date: Tue, 12 Aug 2008 00:04:22 -0400 Subject: [PATCH] fix hpux_getdents() Missing checks for -EFAULT, broken handling of overflow. Signed-off-by: Al Viro --- arch/parisc/hpux/fs.c | 30 +++++++++++++++++++----------- 1 file changed, 19 insertions(+), 11 deletions(-) (limited to 'arch') diff --git a/arch/parisc/hpux/fs.c b/arch/parisc/hpux/fs.c index 1263f00dc35d..69ff671498e5 100644 --- a/arch/parisc/hpux/fs.c +++ b/arch/parisc/hpux/fs.c @@ -84,22 +84,28 @@ static int filldir(void * __buf, const char * name, int namlen, loff_t offset, if (reclen > buf->count) return -EINVAL; d_ino = ino; - if (sizeof(d_ino) < sizeof(ino) && d_ino != ino) + if (sizeof(d_ino) < sizeof(ino) && d_ino != ino) { + buf->error = -EOVERFLOW; return -EOVERFLOW; + } dirent = buf->previous; if (dirent) - put_user(offset, &dirent->d_off); + if (put_user(offset, &dirent->d_off)) + goto Efault; dirent = buf->current_dir; + if (put_user(d_ino, &dirent->d_ino) || + put_user(reclen, &dirent->d_reclen) || + put_user(namlen, &dirent->d_namlen) || + copy_to_user(dirent->d_name, name, namlen) || + put_user(0, dirent->d_name + namlen)) + goto Efault; buf->previous = dirent; - put_user(d_ino, &dirent->d_ino); - put_user(reclen, &dirent->d_reclen); - put_user(namlen, &dirent->d_namlen); - copy_to_user(dirent->d_name, name, namlen); - put_user(0, dirent->d_name + namlen); - dirent = (void __user *)dirent + reclen; - buf->current_dir = dirent; + buf->current_dir = (void __user *)dirent + reclen; buf->count -= reclen; return 0; +Efault: + buffer->error = -EFAULT; + return -EFAULT; } #undef NAME_OFFSET @@ -126,8 +132,10 @@ int hpux_getdents(unsigned int fd, struct hpux_dirent __user *dirent, unsigned i error = buf.error; lastdirent = buf.previous; if (lastdirent) { - put_user(file->f_pos, &lastdirent->d_off); - error = count - buf.count; + if (put_user(file->f_pos, &lastdirent->d_off)) + error = -EFAULT; + else + error = count - buf.count; } out_putf: -- cgit v1.2.2