[PATCH] fs/proc/: fix input sanity check.

From: Vincent Li
Date: Tue Aug 11 2009 - 17:33:28 EST


Fix the input sanity checks in fs/proc/task_mmu.c clear_refs_write() and in fs/proc/base.c
proc_fault_inject_write() and proc_fault_inject_operations(), following the discussion at
http://marc.info/?l=linux-mm&m=124938168905463&w=2.

Signed-off-by: Vincent Li <macli@xxxxxxxxxx>
---
fs/proc/base.c | 20 ++++++++------------
fs/proc/task_mmu.c | 11 +++++------
2 files changed, 13 insertions(+), 18 deletions(-)

diff --git a/fs/proc/base.c b/fs/proc/base.c
index 04d29a0..44054d2 100644
--- a/fs/proc/base.c
+++ b/fs/proc/base.c
@@ -1190,17 +1190,16 @@ static ssize_t proc_fault_inject_write(struct file * file,
count = sizeof(buffer) - 1;
if (copy_from_user(buffer, buf, count))
return -EFAULT;
- make_it_fail = simple_strtol(buffer, &end, 0);
- if (*end == '\n')
- end++;
+ make_it_fail = simple_strtol(strstrip(buffer), &end, 0);
+ if (*end)
+ return -EINVAL;
task = get_proc_task(file->f_dentry->d_inode);
if (!task)
return -ESRCH;
task->make_it_fail = make_it_fail;
put_task_struct(task);
- if (end - buffer == 0)
- return -EIO;
- return end - buffer;
+
+ return count;
}

static const struct file_operations proc_fault_inject_operations = {
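Review bot: An empty or whitespace-only write now passes the `if (*end)` check in proc_fault_inject_write() and stores 0 in `task->make_it_fail`, because strstrip() leaves an empty string, simple_strtol() consumes nothing and `end` points at the terminator. The removed `end - buffer == 0` test was the only place that case was reported. Keeping the stripped pointer and testing for "no digits" restores it: `char *s = strstrip(buffer);`, parse from `s`, then `if (end == s || *end) return -EINVAL;`. The same gap is in the proc_coredump_filter_write() hunk, where an empty write would be parsed as a filter value of 0. The function begins above this hunk, so the buffer's NUL termination is assumed from code not shown here.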
@@ -2253,18 +2252,15 @@ static ssize_t proc_coredump_filter_write(struct file *file,
goto out_no_task;

ret = -EINVAL;
- val = (unsigned int)simple_strtoul(buffer, &end, 0);
- if (*end == '\n')
- end++;
- if (end - buffer == 0)
- goto out_no_task;
+ val = (unsigned int)simple_strtoul(strstrip(buffer), &end, 0);
+ if (*end)
+ return ret;

ret = -ESRCH;
task = get_proc_task(file->f_dentry->d_inode);
if (!task)
goto out_no_task;

- ret = end - buffer;
mm = get_task_mm(task);
if (!mm)
goto out_no_mm;
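Review bot: With `ret = end - buffer;` removed and nothing put in its place, `ret` still holds the value from `ret = -ESRCH;` when the task and mm are found, so unless it is reassigned below this hunk a successful write to coredump_filter would return -ESRCH. Replacing the removed line with `ret = count;` before `get_task_mm()` would match what the other two functions now return. The new `return ret;` also departs from the `goto out_no_task` convention used by the neighbouring error paths; `goto out_no_task;` keeps a single exit. The function starts and ends outside this hunk.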
diff --git a/fs/proc/task_mmu.c b/fs/proc/task_mmu.c
index 6f61b7c..957b266 100644
--- a/fs/proc/task_mmu.c
+++ b/fs/proc/task_mmu.c
@@ -477,10 +477,10 @@ static ssize_t clear_refs_write(struct file *file, const char __user *buf,
count = sizeof(buffer) - 1;
if (copy_from_user(buffer, buf, count))
return -EFAULT;
- if (!simple_strtol(buffer, &end, 0))
+ if (!simple_strtol(strstrip(buffer), &end, 0))
+ return -EINVAL;
+ if (*end)
return -EINVAL;
- if (*end == '\n')
- end++;
task = get_proc_task(file->f_path.dentry->d_inode);
if (!task)
return -ESRCH;
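Review bot: Input longer than the buffer is still truncated rather than rejected: the context line `count = sizeof(buffer) - 1;` clamps the length (its guarding condition is above the hunk), and the next hunk returns that clamped `count`. With the stricter `*end` check, the first `sizeof(buffer) - 1` bytes of an overlong string can still parse as a valid number and trigger the action, while the caller sees a short write and may submit the remainder as a separate value. Since the patch is about rejecting malformed input, consider failing instead of clamping, e.g. `if (count > sizeof(buffer) - 1) return -EINVAL;`. proc_fault_inject_write() in fs/proc/base.c shows the same clamp, and both functions start above their hunks.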
@@ -502,9 +502,8 @@ static ssize_t clear_refs_write(struct file *file, const char __user *buf,
mmput(mm);
}
put_task_struct(task);
- if (end - buffer == 0)
- return -EIO;
- return end - buffer;
+
+ return count;
}

const struct file_operations proc_clear_refs_operations = {
--
1.6.0.4
