diff options
author | Jim Meyering <meyering@redhat.com> | 2008-02-08 04:22:09 -0800 |
---|---|---|
committer | Linus Torvalds <torvalds@woody.linux-foundation.org> | 2008-02-08 09:22:43 -0800 |
commit | 11a7ac23a2d7464a74ceb7b97dbae4d5a0208576 (patch) | |
tree | 9b4f26d1675ef802b82b01a8780a58d21c17bd2a /arch/um | |
parent | 5134d8fea06ab51459fd095d091d1e6f73a44553 (diff) | |
download | op-kernel-dev-11a7ac23a2d7464a74ceb7b97dbae4d5a0208576.zip op-kernel-dev-11a7ac23a2d7464a74ceb7b97dbae4d5a0208576.tar.gz |
uml: improved error handling while locating temp dir
* arch/um/os-Linux/mem.c (make_tempfile): Don't deref NULL upon failed malloc.
* arch/um/os-Linux/mem.c (make_tempfile): Handle NULL tempdir.
Don't let a long tempdir (e.g., via TMPDIR) provoke heap corruption.
[ jdike - formatting cleanups, deleted obsolete comment ]
Signed-off-by: Jim Meyering <meyering@redhat.com>
Signed-off-by: Jeff Dike <jdike@linux.intel.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Diffstat (limited to 'arch/um')
-rw-r--r-- | arch/um/os-Linux/mem.c | 15 |
1 files changed, 6 insertions, 9 deletions
diff --git a/arch/um/os-Linux/mem.c b/arch/um/os-Linux/mem.c index 38742c2..93a11d7 100644 --- a/arch/um/os-Linux/mem.c +++ b/arch/um/os-Linux/mem.c @@ -162,11 +162,6 @@ found: goto out; } -/* - * This proc still used in tt-mode - * (file: kernel/tt/ptproxy/proxy.c, proc: start_debugger). - * So it isn't 'static' yet. - */ static int __init make_tempfile(const char *template, char **out_tempname, int do_unlink) { @@ -175,10 +170,13 @@ static int __init make_tempfile(const char *template, char **out_tempname, which_tmpdir(); tempname = malloc(MAXPATHLEN); - if (!tempname) - goto out; + if (tempname == NULL) + return -1; find_tempdir(); + if ((tempdir == NULL) || (strlen(tempdir) >= MAXPATHLEN)) + return -1; + if (template[0] != '/') strcpy(tempname, tempdir); else @@ -196,9 +194,8 @@ static int __init make_tempfile(const char *template, char **out_tempname, } if (out_tempname) { *out_tempname = tempname; - } else { + } else free(tempname); - } return fd; out: free(tempname); |