[PATCH] usercopy checks in old_readdir()

Fix up some unchecked copy_to_user()s

[PATCH] usercopy checks in old_readdir()
Fix up some unchecked copy_to_user()s
4d580698 · Andrew Morton · James Bottomley · de88f07f · 4d580698
Commit 4d580698 authored Mar 08, 2003 by Andrew Morton Committed by James Bottomley Mar 08, 2003
Hide whitespace changes
Inline Side-by-side

Showing with 10 additions and 5 deletions

fs/readdir.c fs/readdir.c +10 -5

No files found.
--- a/fs/readdir.c
+++ b/fs/readdir.c
@@ -72,11 +72,16 @@ static int fillonedir(void * __buf, const char * name, int namlen, loff_t offset
 		return -EINVAL;
 	buf->count++;
 	dirent = buf->dirent;
-	put_user(ino, &dirent->d_ino);
-	put_user(offset, &dirent->d_offset);
-	put_user(namlen, &dirent->d_namlen);
-	copy_to_user(dirent->d_name, name, namlen);
-	put_user(0, dirent->d_name + namlen);
+	if (!access_ok(VERIFY_WRITE, (unsigned long)dirent,
+			(unsigned long)(dirent->d_name + namlen + 1) -
+				(unsigned long)dirent))
+		return -EFAULT;
+	if (	__put_user(ino, &dirent->d_ino) ||
+		__put_user(offset, &dirent->d_offset) ||
+		__put_user(namlen, &dirent->d_namlen) ||
+		__copy_to_user(dirent->d_name, name, namlen) ||
+		__put_user(0, dirent->d_name + namlen))
+		return -EFAULT;
 	return 0;
 }