Ulrich Drepper a écrit :
quoted text > This is the actual architecture-independent part of the system call
> implementation.
>
quoted text > +
> +long sys_indirect(struct indirect_registers __user *userregs,
> + void __user *userparams, size_t paramslen)
> +{
> + struct indirect_registers regs;
> + long result;
> +
> + if (copy_from_user(®s, userregs, sizeof(regs)))
> + return -EFAULT;
> +
> + switch (INDIRECT_SYSCALL (®s))
> + {
> +#ifdef __NR_accept
> + case __NR_accept:
> +#endif
> +#ifdef __NR_socketpair
> + case __NR_socketpair:
> +#endif
> +#ifdef __NR_socket
> + case __NR_socket:
> +#endif
> +#ifdef __NR_socketcall
> + case __NR_socketcall:
> +#endif
> + break;
> +
> + default:
> + return -EINVAL;
> + }
> +
> + if (paramslen > sizeof(union indirect_params))
> + return -EINVAL;
> + if (copy_from_user(¤t->indirect_params, userparams, paramslen))
Here, you should clear current->indirect_params before returning -EFAULT
{
memset(¤t->indirect_params, 0, paramslen);
quoted text > + return -EFAULT;
}
copy_from_user could do a partial copy (so dirty first bytes of
indirect_params) and all furthers calls to socket()/open() and so on could be
broken.
quoted text > +
> + result = CALL_INDIRECT(®s);
> +
> + memset(¤t->indirect_params, '__PLACEHOLDER__3_', paramslen);
> +
> + return result;
> +}
> -
-
unsubscribe notice To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to
majordomo@vger.kernel.org
More majordomo info at
http://vger.kernel.org/majordomo-info.html
Please read the FAQ at
http://www.tux.org/lkml/ Messages in current thread:
Re: [PATCHv2 1/4] actual sys_indirect code , Eric Dumazet , (Thu Nov 15, 10:43 pm)
