提交 fb92a4b0 编写于 作者: V Vincent Li 提交者: Linus Torvalds

fs/proc/task_mmu.c v1: fix clear_refs_write() input sanity check

Andrew Morton pointed out similar string hacking and obfuscated check for
zero-length input at the end of the function, David Rientjes suggested to
use strict_strtol to replace simple_strtol, this patch cover above
suggestions, add removing of leading and trailing whitespace from user
input.  It does not change function behavious.
Signed-off-by: NVincent Li <macli@brc.ubc.ca>
Acked-by: NDavid Rientjes <rientjes@google.com>
Cc: Matt Mackall <mpm@selenic.com>
Cc: Amerigo Wang <xiyou.wangcong@gmail.com>
Signed-off-by: NAndrew Morton <akpm@linux-foundation.org>
Signed-off-by: NLinus Torvalds <torvalds@linux-foundation.org>
上级 acef82b8
......@@ -473,21 +473,20 @@ static ssize_t clear_refs_write(struct file *file, const char __user *buf,
size_t count, loff_t *ppos)
{
struct task_struct *task;
char buffer[PROC_NUMBUF], *end;
char buffer[PROC_NUMBUF];
struct mm_struct *mm;
struct vm_area_struct *vma;
int type;
long type;
memset(buffer, 0, sizeof(buffer));
if (count > sizeof(buffer) - 1)
count = sizeof(buffer) - 1;
if (copy_from_user(buffer, buf, count))
return -EFAULT;
type = simple_strtol(buffer, &end, 0);
if (strict_strtol(strstrip(buffer), 10, &type))
return -EINVAL;
if (type < CLEAR_REFS_ALL || type > CLEAR_REFS_MAPPED)
return -EINVAL;
if (*end == '\n')
end++;
task = get_proc_task(file->f_path.dentry->d_inode);
if (!task)
return -ESRCH;
......@@ -523,9 +522,8 @@ static ssize_t clear_refs_write(struct file *file, const char __user *buf,
mmput(mm);
}
put_task_struct(task);
if (end - buffer == 0)
return -EIO;
return end - buffer;
return count;
}
const struct file_operations proc_clear_refs_operations = {
......
Markdown is supported
0% .
You are about to add 0 people to the discussion. Proceed with caution.
先完成此消息的编辑!
想要评论请 注册