Unchecked use of __get_user in shmfs

Alan Cox (alan@lxorguk.ukuu.org.uk)
Mon, 18 Feb 2002 20:05:34 +0000 (GMT)


The fix below seems rather important.

--- ../linux/mm/shmem.c Fri Dec 21 17:42:05 2001
+++ mm/shmem.c Mon Feb 18 19:46:04 2002
@@ -740,6 +749,13 @@
static struct inode_operations shmem_symlink_inode_operations;
static struct inode_operations shmem_symlink_inline_operations;

+/*
+ * This is a copy of generic_file_write slightly modified. It would
+ * help no end if it were kept remotely up to date with the
+ * generic_file_write changes. I don't alas see a good way to merge
+ * it back and use the generic one -- Alan
+ */
+
static ssize_t
shmem_file_write(struct file *file,const char *buf,size_t count,loff_t *ppos)
{
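
Review bot: the comment added above shmem_file_write says the function is a "slightly modified" copy of generic_file_write but does not say what the modification is, so the next person syncing the two has nothing to diff against. Suggest listing the points where the copy intentionally differs, and stating that the argument checks at entry have to be kept in step with generic_file_write. The blank line between the comment's closing "*/" and "static ssize_t" can also go, so the comment stays attached to the function it describes.
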
@@ -751,7 +767,12 @@
unsigned long written;
long status;
int err;

+ if ((ssize_t) count < 0)
+ return -EINVAL;
+
+ if (!access_ok(VERIFY_READ, buf, count))
+ return -EFAULT;

down(&inode->i_sem);
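
Review bot: the new access_ok(VERIFY_READ, buf, count) test at the top of the function carries no comment saying what depends on it. Per the subject line, the function reads user memory with __get_user, which does no checking of its own, so this test is the only validation of buf for the whole write. A one-line comment to that effect would keep it from being dropped or moved in a later resync with generic_file_write. Both new returns sit before down(&inode->i_sem), so no unlock is needed on those paths. It is worth confirming that nothing later in the function reads beyond the buf..buf+count range checked here.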
