From 6fc48af82cef55546d640778698943b6227b7fb0 Mon Sep 17 00:00:00 2001 From: Tetsuo Handa Date: Wed, 14 Nov 2007 16:58:38 -0800 Subject: sysctl: check length at deprecated_sysctl_warning Original patch assumed args->nlen < CTL_MAXNAME, but it can be false. Signed-off-by: Tetsuo Handa Cc: "Eric W. Biederman" Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds --- kernel/sysctl.c | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/kernel/sysctl.c b/kernel/sysctl.c index 3a1744f..0deed82 100644 --- a/kernel/sysctl.c +++ b/kernel/sysctl.c @@ -2620,6 +2620,10 @@ static int deprecated_sysctl_warning(struct __sysctl_args *args) int name[CTL_MAXNAME]; int i; + /* Check args->nlen. */ + if (args->nlen < 0 || args->nlen > CTL_MAXNAME) + return -ENOTDIR; + /* Read in the sysctl name for better debug message logging */ for (i = 0; i < args->nlen; i++) if (get_user(name[i], args->name + i)) -- cgit v1.1