[PATCH] fix hpux_getdents()
authorAl Viro <viro@zeniv.linux.org.uk>
Tue, 12 Aug 2008 04:04:22 +0000 (00:04 -0400)
committerAl Viro <viro@zeniv.linux.org.uk>
Mon, 25 Aug 2008 05:18:07 +0000 (01:18 -0400)
Missing checks for -EFAULT, broken handling of overflow.

Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
arch/parisc/hpux/fs.c

index 1263f00dc35d568a63605890b2edcbb544facb5a..69ff671498e53069af7a1575c2745702a117930d 100644 (file)
@@ -84,22 +84,28 @@ static int filldir(void * __buf, const char * name, int namlen, loff_t offset,
        if (reclen > buf->count)
                return -EINVAL;
        d_ino = ino;
-       if (sizeof(d_ino) < sizeof(ino) && d_ino != ino)
+       if (sizeof(d_ino) < sizeof(ino) && d_ino != ino) {
+               buf->error = -EOVERFLOW;
                return -EOVERFLOW;
+       }
        dirent = buf->previous;
        if (dirent)
-               put_user(offset, &dirent->d_off);
+               if (put_user(offset, &dirent->d_off))
+                       goto Efault;
        dirent = buf->current_dir;
+       if (put_user(d_ino, &dirent->d_ino) ||
+           put_user(reclen, &dirent->d_reclen) ||
+           put_user(namlen, &dirent->d_namlen) ||
+           copy_to_user(dirent->d_name, name, namlen) ||
+           put_user(0, dirent->d_name + namlen))
+               goto Efault;
        buf->previous = dirent;
-       put_user(d_ino, &dirent->d_ino);
-       put_user(reclen, &dirent->d_reclen);
-       put_user(namlen, &dirent->d_namlen);
-       copy_to_user(dirent->d_name, name, namlen);
-       put_user(0, dirent->d_name + namlen);
-       dirent = (void __user *)dirent + reclen;
-       buf->current_dir = dirent;
+       buf->current_dir = (void __user *)dirent + reclen;
        buf->count -= reclen;
        return 0;
+Efault:
+       buffer->error = -EFAULT;
+       return -EFAULT;
 }
 
 #undef NAME_OFFSET
@@ -126,8 +132,10 @@ int hpux_getdents(unsigned int fd, struct hpux_dirent __user *dirent, unsigned i
        error = buf.error;
        lastdirent = buf.previous;
        if (lastdirent) {
-               put_user(file->f_pos, &lastdirent->d_off);
-               error = count - buf.count;
+               if (put_user(file->f_pos, &lastdirent->d_off))
+                       error = -EFAULT;
+               else
+                       error = count - buf.count;
        }
 
 out_putf: