forge/linux-pinenote
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

s390/uaccess: fix strncpy_from_user/strnlen_user zero maxlen case

Browse source 
If the maximum length specified for the to be accessed string for
strncpy_from_user() and strnlen_user() is zero the following incorrect
values would be returned or incorrect memory accesses would happen:

strnlen_user_std() and strnlen_user_pt() incorrectly return "1"
strncpy_from_user_pt() would incorrectly access "dst[maxlen - 1]"
strncpy_from_user_mvcos() would incorrectly return "-EFAULT"

Fix all these oddities by adding early checks.

Reviewed-by: Gerald Schaefer <gerald.schaefer@de.ibm.com>
Signed-off-by: Heiko Carstens <heiko.carstens@de.ibm.com>
Signed-off-by: Martin Schwidefsky <schwidefsky@de.ibm.com>
This commit is contained in:
Heiko Carstens 2013-02-21 13:30:42 +01:00 committed by Martin Schwidefsky
commit f45655f6a6
3 changed files with 8 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

2
arch/s390/lib/uaccess_mvcos.c
View file

@ -184,6 +184,8 @@ static size_t strncpy_from_user_mvcos(size_t count, const char __user *src,
{
size_t done, len, offset, len_str;
if (unlikely(!count))
return 0;
done = 0;
do {
offset = (size_t)src & ~PAGE_MASK;