Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit da574983 authored by Al Viro's avatar Al Viro
Browse files

[PATCH] fix hpux_getdents() 



Missing checks for -EFAULT, broken handling of overflow.

Signed-off-by: default avatarAl Viro <viro@zeniv.linux.org.uk>
parent 645e68ed

arch/parisc/hpux/fs.c

+19 −11
Original line number Diff line number Diff line
@@ -84,22 +84,28 @@ static int filldir(void * __buf, const char * name, int namlen, loff_t offset, 
	if (reclen > buf->count)

		return -EINVAL;

	d_ino = ino;

	if (sizeof(d_ino) < sizeof(ino) && d_ino != ino)

	if (sizeof(d_ino) < sizeof(ino) && d_ino != ino) {

		buf->error = -EOVERFLOW;

		return -EOVERFLOW;

	}

	dirent = buf->previous;

	if (dirent)

		put_user(offset, &dirent->d_off);

		if (put_user(offset, &dirent->d_off))

			goto Efault;

	dirent = buf->current_dir;

	if (put_user(d_ino, &dirent->d_ino) ||

	    put_user(reclen, &dirent->d_reclen) ||

	    put_user(namlen, &dirent->d_namlen) ||

	    copy_to_user(dirent->d_name, name, namlen) ||

	    put_user(0, dirent->d_name + namlen))

		goto Efault;

	buf->previous = dirent;

	put_user(d_ino, &dirent->d_ino);

	put_user(reclen, &dirent->d_reclen);

	put_user(namlen, &dirent->d_namlen);

	copy_to_user(dirent->d_name, name, namlen);

	put_user(0, dirent->d_name + namlen);

	dirent = (void __user *)dirent + reclen;

	buf->current_dir = dirent;

	buf->current_dir = (void __user *)dirent + reclen;

	buf->count -= reclen;

	return 0;

Efault:

	buffer->error = -EFAULT;

	return -EFAULT;

}



#undef NAME_OFFSET
@@ -126,7 +132,9 @@ int hpux_getdents(unsigned int fd, struct hpux_dirent __user *dirent, unsigned i 
	error = buf.error;

	lastdirent = buf.previous;

	if (lastdirent) {

		put_user(file->f_pos, &lastdirent->d_off);

		if (put_user(file->f_pos, &lastdirent->d_off))

			error = -EFAULT;

		else

			error = count - buf.count;

	}