authorKirill Korotaev <dev@sw.ru>2005-01-04 05:25:52 -0800
committerLinus Torvalds <torvalds@ppc970.osdl.org>2005-01-04 05:25:52 -0800
commit8c42b547e53e4b9b5810afdc849126b08cd319e5 (patch)
tree9b718dbb0a8ab5c52508c422f150298fd0c10bfb /fs
parentb6a6107abf22149c9cedc68149d3fd78a76f7e34 (diff)
[PATCH] 4/4GB: Incorrect bound check in do_getname()
This patch fixes an incorrect address range check in do_getname(). Theoretically this can lead to do_getname() failing on a kernel address space string at the TASK_SIZE boundary addresses when the 4GB split is ON. (akpm: I don't see why this check exists at all, actually. afaict the only effect of removing it is that we'll then generate -EFAULT on a non-null-terminated pathname which ends exactly at TASK_SIZE). Signed-Off-By: Kirill Korotaev <dev@sw.ru> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
Diffstat (limited to 'fs')
-rw-r--r--fs/namei.c11
1 files changed, 6 insertions, 5 deletions
diff --git a/fs/namei.c b/fs/namei.c
index 6259abac065c59..d2e0f495190729 100644
--- a/fs/namei.c
+++ b/fs/namei.c
@@ -116,13 +116,14 @@ static inline int do_getname(const char __user *filename, char *page)
int retval;
unsigned long len = PATH_MAX;
- if ((unsigned long) filename >= TASK_SIZE) {
- if (!segment_eq(get_fs(), KERNEL_DS))
+ if (!segment_eq(get_fs(), KERNEL_DS)) {
+ if ((unsigned long) filename >= TASK_SIZE)
return -EFAULT;
- } else if (TASK_SIZE - (unsigned long) filename < PATH_MAX)
- len = TASK_SIZE - (unsigned long) filename;
+ if (TASK_SIZE - (unsigned long) filename < PATH_MAX)
+ len = TASK_SIZE - (unsigned long) filename;
+ }
- retval = strncpy_from_user((char *)page, filename, len);
+ retval = strncpy_from_user(page, filename, len);
if (retval > 0) {
if (retval < len)
return 0;
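Review bot: The reordered check makes the entire address-range validation conditional on `!segment_eq(get_fs(), KERNEL_DS)`, and nothing in the hunk documents that trust assumption. Any path that reaches do_getname() while the address limit is still KERNEL_DS now gets an unclamped PATH_MAX copy from whatever pointer it passed. The outer `if` deserves a comment such as `/* User pointers only: reject addresses >= TASK_SIZE and clamp len so the copy stops at the user limit; under KERNEL_DS the pointer is treated as a trusted kernel address. */`. The same comment could note that, with the clamp, an unterminated string ending exactly at TASK_SIZE presumably returns `retval == len` and so fails the `if (retval < len)` test instead of faulting. The code that handles that case, like the rest of the function body, lies outside the hunk.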