Ulrich Drepper a écrit :
This is the actual architecture-independent part of the system call
implementation.


+
+long sys_indirect(struct indirect_registers __user *userregs,
+                 void __user *userparams, size_t paramslen)
+{
+       struct indirect_registers regs;
+       long result;
+
+       if (copy_from_user(&regs, userregs, sizeof(regs)))
+               return -EFAULT;
+
+       switch (INDIRECT_SYSCALL (&regs))
+       {
+#ifdef __NR_accept
+       case __NR_accept:
+#endif
+#ifdef __NR_socketpair
+       case __NR_socketpair:
+#endif
+#ifdef __NR_socket
+       case __NR_socket:
+#endif
+#ifdef __NR_socketcall
+       case __NR_socketcall:
+#endif
+               break;
+
+       default:
+               return -EINVAL;
+       }
+
+       if (paramslen > sizeof(union indirect_params))
+               return -EINVAL;
+       if (copy_from_user(&current->indirect_params, userparams, paramslen))

Here, you should clear current->indirect_params before returning -EFAULT
                {
                memset(&current->indirect_params, 0, paramslen);
+               return -EFAULT;
                }
copy_from_user could do a partial copy (leaving the first bytes of indirect_params dirty), and all further calls to socket()/open() and so on could then be broken.

+
+       result = CALL_INDIRECT(&regs);
+
+       memset(&current->indirect_params, '\0', paramslen);
+
+       return result;
+}
-

-
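Review bot: The new switch is written as `switch (INDIRECT_SYSCALL (&regs))` with the opening brace on its own line, which departs from kernel coding style; the conventional form is `switch (INDIRECT_SYSCALL(&regs)) {` with the brace on the switch line and no space before the macro's argument list. The clearing call after CALL_INDIRECT, `memset(&current->indirect_params, '\0', paramslen);`, spells the fill byte as a character constant where the kernel idiom is plain `0`, so `memset(&current->indirect_params, 0, paramslen);` reads more uniformly. sys_indirect is also a new system call entry point with no kernel-doc comment; a short header stating that current->indirect_params is filled from userparams only for the duration of the single register-described call, that paramslen is rejected above sizeof(union indirect_params), and that only the syscall numbers listed in the switch are accepted would let later reviewers audit the whitelist without re-reading the body.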
