sparc: missing checks of __get_user()/__put_user() return values
authorAl Viro <viro@zeniv.linux.org.uk>
Sun, 22 Apr 2012 20:51:36 +0000 (16:51 -0400)
committerAl Viro <viro@zeniv.linux.org.uk>
Tue, 22 May 2012 03:59:21 +0000 (23:59 -0400)
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
arch/sparc/kernel/signal32.c
arch/sparc/kernel/sys_sparc_32.c

index 948700fb90365d3c54811d24577a841542ad757f..bb1513e45f1a811b05a07979995726b99eca1a94 100644 (file)
@@ -215,8 +215,9 @@ void do_sigreturn32(struct pt_regs *regs)
            (((unsigned long) sf) & 3))
                goto segv;
 
-       get_user(pc, &sf->info.si_regs.pc);
-       __get_user(npc, &sf->info.si_regs.npc);
+       if (get_user(pc, &sf->info.si_regs.pc) ||
+           __get_user(npc, &sf->info.si_regs.npc))
+               goto segv;
 
        if ((pc | npc) & 3)
                goto segv;
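Review bot: The new condition pairs the checked `get_user()` for `pc` with the unchecked `__get_user()` for `npc`, and nothing in the hunk says why the second read may skip the range check. The hunk begins inside the preceding `if`, so the validation of `sf` is not visible here. If that condition already range-checks the whole frame, a short comment such as `/* sf was range-checked above, so __get_user() is sufficient for npc */` would stop a later edit from reordering the reads or dropping the first check unnoticed. The same applies to the `do_rt_sigreturn32` hunk, which also leaves trailing whitespace after `||` on its first added line.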
@@ -305,8 +306,9 @@ asmlinkage void do_rt_sigreturn32(struct pt_regs *regs)
            (((unsigned long) sf) & 3))
                goto segv;
 
-       get_user(pc, &sf->regs.pc);
-       __get_user(npc, &sf->regs.npc);
+       if (get_user(pc, &sf->regs.pc) || 
+           __get_user(npc, &sf->regs.npc))
+               goto segv;
 
        if ((pc | npc) & 3)
                goto segv;
index 627e89af1d712855157f3adbc62a180458eada90..cd99c1a7870f4de8079ec46f5762081ab70b53e6 100644 (file)
@@ -184,10 +184,10 @@ sparc_sigaction (int sig, const struct old_sigaction __user *act,
 
                if (!access_ok(VERIFY_READ, act, sizeof(*act)) ||
                    __get_user(new_ka.sa.sa_handler, &act->sa_handler) ||
-                   __get_user(new_ka.sa.sa_restorer, &act->sa_restorer))
+                   __get_user(new_ka.sa.sa_restorer, &act->sa_restorer) ||
+                   __get_user(new_ka.sa.sa_flags, &act->sa_flags) ||
+                   __get_user(mask, &act->sa_mask))
                        return -EFAULT;
-               __get_user(new_ka.sa.sa_flags, &act->sa_flags);
-               __get_user(mask, &act->sa_mask);
                siginitset(&new_ka.sa.sa_mask, mask);
                new_ka.ka_restorer = NULL;
        }
@@ -202,10 +202,10 @@ sparc_sigaction (int sig, const struct old_sigaction __user *act,
                 */
                if (!access_ok(VERIFY_WRITE, oact, sizeof(*oact)) ||
                    __put_user(old_ka.sa.sa_handler, &oact->sa_handler) ||
-                   __put_user(old_ka.sa.sa_restorer, &oact->sa_restorer))
+                   __put_user(old_ka.sa.sa_restorer, &oact->sa_restorer) ||
+                   __put_user(old_ka.sa.sa_flags, &oact->sa_flags) ||
+                   __put_user(old_ka.sa.sa_mask.sig[0], &oact->sa_mask))
                        return -EFAULT;
-               __put_user(old_ka.sa.sa_flags, &oact->sa_flags);
-               __put_user(old_ka.sa.sa_mask.sig[0], &oact->sa_mask);
        }
 
        return ret;
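Review bot: With `sa_flags` and `sa_mask` now in the `||` chain, a fault on either returns `-EFAULT` after earlier fields of `*oact` have already been written. It presumably also comes after the new action was installed, though the `do_sigaction()` call lies outside this hunk, so that part is inferred. Returning the error is right, but the existing comment above the `access_ok()` check should say so, e.g. `/* -EFAULT here does not undo the sigaction; *oact may be partially written */`, so nobody assumes the call is atomic. The enclosing block starts above the hunk.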