Skip to content

cloud-kernel
cloud-kernel

openanolis / cloud-kernel
1 年多 前同步成功

通知 163
Star 36
Fork 7
cloud-kernel
cloud-kernel
提交 79bc12a0 编写于 作者: A Al Viro 提交者: Linus Torvalds
浏览文件
操作

ecryptfs fixes 

memcpy() from userland pointer is a Bad Thing(tm)
Signed-off-by: NAl Viro <viro@zeniv.linux.org.uk>
Signed-off-by: NLinus Torvalds <torvalds@linux-foundation.org>
上级 4ec7ffa2
master alk-4.19.24 alk-4.19.30 alk-4.19.34 alk-4.19.36 alk-4.19.43 alk-4.19.48 alk-4.19.57 ck-4.19.67 ck-4.19.81 ck-4.19.91 github/fork/deepanshu1422/fix-typo-in-comment github/fork/haosdent/fix-typo linux-next v4.19.91 v4.19.90 v4.19.89 v4.19.88 v4.19.87 v4.19.86 v4.19.85 v4.19.84 v4.19.83 v4.19.82 v4.19.81 v4.19.80 v4.19.79 v4.19.78 v4.19.77 v4.19.76 v4.19.75 v4.19.74 v4.19.73 v4.19.72 v4.19.71 v4.19.70 v4.19.69 v4.19.68 v4.19.67 v4.19.66 v4.19.65 v4.19.64 v4.19.63 v4.19.62 v4.19.61 v4.19.60 v4.19.59 v4.19.58 v4.19.57 v4.19.56 v4.19.55 v4.19.54 v4.19.53 v4.19.52 v4.19.51 v4.19.50 v4.19.49 v4.19.48 v4.19.47 v4.19.46 v4.19.45 v4.19.44 v4.19.43 v4.19.42 v4.19.41 v4.19.40 v4.19.39 v4.19.38 v4.19.37 v4.19.36 v4.19.35 v4.19.34 v4.19.33 v4.19.32 v4.19.31 v4.19.30 v4.19.29 v4.19.28 v4.19.27 v4.19.26 v4.19.25 v4.19.24 v4.19.23 v4.19.22 v4.19.21 v4.19.20 v4.19.19 v4.19.18 v4.19.17 v4.19.16 v4.19.15 v4.19.14 v4.19.13 v4.19.12 v4.19.11 v4.19.10 v4.19.9 v4.19.8 v4.19.7 v4.19.6 v4.19.5 v4.19.4 v4.19.3 v4.19.2 v4.19.1 v4.19 v4.19-rc8 v4.19-rc7 v4.19-rc6 v4.19-rc5 v4.19-rc4 v4.19-rc3 v4.19-rc2 v4.19-rc1 ck-release-21 ck-release-20 ck-release-19.2 ck-release-19.1 ck-release-19 ck-release-18 ck-release-17.2 ck-release-17.1 ck-release-17 ck-release-16 ck-release-15.1 ck-release-15 ck-release-14 ck-release-13.2 ck-release-13 ck-release-12 ck-release-11 ck-release-10 ck-release-9 ck-release-7 alk-release-15 alk-release-14 alk-release-13.2 alk-release-13 alk-release-12 alk-release-11 alk-release-10 alk-release-9 alk-release-7
无相关合并请求
隐藏空白更改
内联 并排
Showing with 12 addition and 14 deletion
fs/ecryptfs/miscdev.c
浏览文件 @ 79bc12a0
......@@ -243,7 +243,6 @@ ecryptfs_miscdev_read(struct file *file, char __user *buf, size_t count,
struct ecryptfs_daemon *daemon;
struct ecryptfs_msg_ctx *msg_ctx;
size_t packet_length_size;
u32 counter_nbo;
char packet_length[3];
size_t i;
size_t total_length;
......@@ -328,20 +327,18 @@ ecryptfs_miscdev_read(struct file *file, char __user *buf, size_t count,
"pending message\n", __func__, count, total_length);
goto out_unlock_msg_ctx;
}
i = 0;
buf[i++] = msg_ctx->type;
counter_nbo = cpu_to_be32(msg_ctx->counter);
memcpy(&buf[i], (char *)&counter_nbo, 4);
i += 4;
rc = -EFAULT;
if (put_user(msg_ctx->type, buf))
goto out_unlock_msg_ctx;
if (put_user(cpu_to_be32(msg_ctx->counter), (__be32 __user *)(buf + 1)))
goto out_unlock_msg_ctx;
i = 5;
if (msg_ctx->msg) {
memcpy(&buf[i], packet_length, packet_length_size);
if (copy_to_user(&buf[i], packet_length, packet_length_size))
goto out_unlock_msg_ctx;
i += packet_length_size;
rc = copy_to_user(&buf[i], msg_ctx->msg, msg_ctx->msg_size);
if (rc) {
printk(KERN_ERR "%s: copy_to_user returned error "
"[%d]\n", __func__, rc);
if (copy_to_user(&buf[i], msg_ctx->msg, msg_ctx->msg_size))
goto out_unlock_msg_ctx;
}
i += msg_ctx->msg_size;
}
rc = i;
......@@ -452,7 +449,8 @@ static ssize_t
ecryptfs_miscdev_write(struct file *file, const char __user *buf,
size_t count, loff_t *ppos)
{
u32 counter_nbo, seq;
__be32 counter_nbo;
u32 seq;
size_t packet_size, packet_size_length, i;
ssize_t sz = 0;
char *data;
......@@ -485,7 +483,7 @@ ecryptfs_miscdev_write(struct file *file, const char __user *buf,
count);
goto out_free;
}
memcpy((char *)&counter_nbo, &data[i], 4);
memcpy(&counter_nbo, &data[i], 4);
seq = be32_to_cpu(counter_nbo);
i += 4;
rc = ecryptfs_parse_packet_length(&data[i], &packet_size,
......
Markdown is supported
0% .
You are about to add 0 people to the discussion. Proceed with caution.
先完成此消息的编辑!
想要评论请 注册
反馈
建议 客服 返回
顶部