Commit a8372b5c authored by Robin Getz's avatar Robin Getz Committed by Mike Frysinger

Blackfin: add missing access_ok() checks to user functions

The core string/clear user functions weren't checking the user pointers
which caused kernel crashes with some bad programs and tests (like LTP).
Signed-off-by: default avatarRobin Getz <robin.getz@analog.com>
Signed-off-by: default avatarMike Frysinger <vapier@gentoo.org>
parent 685a694f
......@@ -233,16 +233,29 @@ strncpy_from_user(char *dst, const char *src, long count)
}
/*
* Return the size of a string (including the ending 0)
* Get the size of a string in user space.
* src: The string to measure
* n: The maximum valid length
*
* Return 0 on exception, a value greater than N if too long
* Get the size of a NUL-terminated string in user space.
*
* Returns the size of the string INCLUDING the terminating NUL.
* On exception, returns 0.
* If the string is too long, returns a value greater than n.
*/
static inline long strnlen_user(const char *src, long n)
static inline long __must_check strnlen_user(const char *src, long n)
{
return (strlen(src) + 1);
if (!access_ok(VERIFY_READ, src, 1))
return 0;
return strnlen(src, n) + 1;
}
#define strlen_user(str) strnlen_user(str, 32767)
static inline long __must_check strlen_user(const char *src)
{
if (!access_ok(VERIFY_READ, src, 1))
return 0;
return strlen(src) + 1;
}
/*
* Zero Userspace
......@@ -251,6 +264,8 @@ static inline long strnlen_user(const char *src, long n)
static inline unsigned long __must_check
__clear_user(void *to, unsigned long n)
{
if (!access_ok(VERIFY_WRITE, to, n))
return n;
memset(to, 0, n);
return 0;
}
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment