diff options
author | Oleg Nesterov <oleg@redhat.com> | 2011-03-06 18:02:21 +0100 |
---|---|---|
committer | Oleg Nesterov <oleg@redhat.com> | 2011-04-09 15:53:45 +0200 |
commit | 1d1dbf8135ab2f3603cc72e39e0f68784f453c39 (patch) | |
tree | e30b04b64f92a55200aab62d414fb1378f7bfaab | |
parent | bb3c90f0de7b34995b5e35cf5dc97a3d428b3761 (diff) | |
download | op-kernel-dev-1d1dbf8135ab2f3603cc72e39e0f68784f453c39.zip op-kernel-dev-1d1dbf8135ab2f3603cc72e39e0f68784f453c39.tar.gz |
exec: introduce get_user_arg_ptr() helper
Introduce get_user_arg_ptr() helper, convert count() and copy_strings()
to use it.
No functional changes, preparation. This helper is trivial, it just
reads the pointer from argv/envp user-space array.
Signed-off-by: Oleg Nesterov <oleg@redhat.com>
Reviewed-by: KOSAKI Motohiro <kosaki.motohiro@jp.fujitsu.com>
Tested-by: KOSAKI Motohiro <kosaki.motohiro@jp.fujitsu.com>
-rw-r--r-- | fs/exec.c | 36 |
1 files changed, 25 insertions, 11 deletions
@@ -398,6 +398,17 @@ err: return err; } +static const char __user * +get_user_arg_ptr(const char __user * const __user *argv, int nr) +{ + const char __user *ptr; + + if (get_user(ptr, argv + nr)) + return ERR_PTR(-EFAULT); + + return ptr; +} + /* * count() counts the number of strings in array ARGV. */ @@ -407,13 +418,14 @@ static int count(const char __user * const __user * argv, int max) if (argv != NULL) { for (;;) { - const char __user * p; + const char __user *p = get_user_arg_ptr(argv, i); - if (get_user(p, argv)) - return -EFAULT; if (!p) break; - argv++; + + if (IS_ERR(p)) + return -EFAULT; + if (i++ >= max) return -E2BIG; @@ -443,16 +455,18 @@ static int copy_strings(int argc, const char __user *const __user *argv, int len; unsigned long pos; - if (get_user(str, argv+argc) || - !(len = strnlen_user(str, MAX_ARG_STRLEN))) { - ret = -EFAULT; + ret = -EFAULT; + str = get_user_arg_ptr(argv, argc); + if (IS_ERR(str)) goto out; - } - if (!valid_arg_len(bprm, len)) { - ret = -E2BIG; + len = strnlen_user(str, MAX_ARG_STRLEN); + if (!len) + goto out; + + ret = -E2BIG; + if (!valid_arg_len(bprm, len)) goto out; - } /* We're going to work our way backwords. */ pos = bprm->p; |