提交 f8f8a727 编写于 作者: A Al Viro

get_compat_bpf_fprog(): don't copyin field-by-field

Signed-off-by: NAl Viro <viro@zeniv.linux.org.uk>
上级 5da028a8
......@@ -313,15 +313,15 @@ struct sock_fprog __user *get_compat_bpf_fprog(char __user *optval)
{
struct compat_sock_fprog __user *fprog32 = (struct compat_sock_fprog __user *)optval;
struct sock_fprog __user *kfprog = compat_alloc_user_space(sizeof(struct sock_fprog));
compat_uptr_t ptr;
u16 len;
if (!access_ok(VERIFY_READ, fprog32, sizeof(*fprog32)) ||
!access_ok(VERIFY_WRITE, kfprog, sizeof(struct sock_fprog)) ||
__get_user(len, &fprog32->len) ||
__get_user(ptr, &fprog32->filter) ||
__put_user(len, &kfprog->len) ||
__put_user(compat_ptr(ptr), &kfprog->filter))
struct compat_sock_fprog f32;
struct sock_fprog f;
if (copy_from_user(&f32, fprog32, sizeof(*fprog32)))
return NULL;
memset(&f, 0, sizeof(f));
f.len = f32.len;
f.filter = compat_ptr(f32.filter);
if (copy_to_user(kfprog, &f, sizeof(struct sock_fprog)))
return NULL;
return kfprog;
......
Markdown is supported
0% .
You are about to add 0 people to the discussion. Proceed with caution.
先完成此消息的编辑!
想要评论请 注册