exec: introduce get_user_arg_ptr() helper (1d1dbf81) · Commits · e / devices / android_kernel_sony_msm8994

fs/exec.c

+25 −11

Original line number	Original line	Diff line number	Diff line
	@@ -398,6 +398,17 @@ err:
	return err;		return err;
	}		}

			static const char __user *
			get_user_arg_ptr(const char __user * const __user *argv, int nr)
			{
			const char __user *ptr;

			if (get_user(ptr, argv + nr))
			return ERR_PTR(-EFAULT);

			return ptr;
			}

	/*		/*
	* count() counts the number of strings in array ARGV.		* count() counts the number of strings in array ARGV.
	*/		*/
	@@ -407,13 +418,14 @@ static int count(const char __user * const __user * argv, int max)

	if (argv != NULL) {		if (argv != NULL) {
	for (;;) {		for (;;) {
	const char __user * p;		const char __user *p = get_user_arg_ptr(argv, i);

	if (get_user(p, argv))
	return -EFAULT;
	if (!p)		if (!p)
	break;		break;
	argv++;
			if (IS_ERR(p))
			return -EFAULT;

	if (i++ >= max)		if (i++ >= max)
	return -E2BIG;		return -E2BIG;

	@@ -443,16 +455,18 @@ static int copy_strings(int argc, const char __user const __user argv,
	int len;		int len;
	unsigned long pos;		unsigned long pos;

	if (get_user(str, argv+argc) \|\|
	!(len = strnlen_user(str, MAX_ARG_STRLEN))) {
	ret = -EFAULT;		ret = -EFAULT;
			str = get_user_arg_ptr(argv, argc);
			if (IS_ERR(str))
			goto out;

			len = strnlen_user(str, MAX_ARG_STRLEN);
			if (!len)
	goto out;		goto out;
	}

	if (!valid_arg_len(bprm, len)) {
	ret = -E2BIG;		ret = -E2BIG;
			if (!valid_arg_len(bprm, len))
	goto out;		goto out;
	}

	/* We're going to work our way backwords. */		/* We're going to work our way backwords. */
	pos = bprm->p;		pos = bprm->p;