[PATCH 3/5] UML - Improved error handling while locating temp dir

2008-02-06 Thread Jeff Dike
From: Jim Meyering <[EMAIL PROTECTED]>

* arch/um/os-Linux/mem.c (make_tempfile): Don't deref NULL upon failed malloc.

* arch/um/os-Linux/mem.c (make_tempfile): Handle NULL tempdir.
Don't let a long tempdir (e.g., via TMPDIR) provoke heap corruption.

[ jdike - formatting cleanups, deleted obsolete comment ]

Signed-off-by: Jim Meyering <[EMAIL PROTECTED]>
Signed-off-by: Jeff Dike <[EMAIL PROTECTED]>
---
 arch/um/os-Linux/mem.c |   15 ++-
 1 file changed, 6 insertions(+), 9 deletions(-)

Index: linux-2.6-git/arch/um/os-Linux/mem.c
===
--- linux-2.6-git.orig/arch/um/os-Linux/mem.c   2008-02-05 13:20:46.0 
-0500
+++ linux-2.6-git/arch/um/os-Linux/mem.c2008-02-05 16:37:37.0 
-0500
@@ -162,11 +162,6 @@ found:
goto out;
 }
 
-/*
- * This proc still used in tt-mode
- * (file: kernel/tt/ptproxy/proxy.c, proc: start_debugger).
- * So it isn't 'static' yet.
- */
 static int __init make_tempfile(const char *template, char **out_tempname,
int do_unlink)
 {
@@ -175,10 +170,13 @@ static int __init make_tempfile(const ch
 
which_tmpdir();
tempname = malloc(MAXPATHLEN);
-   if (!tempname)
-   goto out;
+   if (tempname == NULL)
+   return -1;
 
find_tempdir();
+   if ((tempdir == NULL) || (strlen(tempdir) >= MAXPATHLEN))
+   return -1;
+
if (template[0] != '/')
strcpy(tempname, tempdir);
else
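Review bot: The new check after `find_tempdir()` leaks `tempname`: it returns -1 while the buffer from `malloc(MAXPATHLEN)` a few lines above is still allocated. The function already has an `out:` label that frees `tempname` (visible in the last hunk), so that second `return -1;` should be `goto out;`. The `strlen(tempdir) >= MAXPATHLEN` bound only protects the `strcpy(tempname, tempdir)` that follows; the code that appends `template` lies outside this hunk and should be confirmed to respect the same limit. The same points apply to the second copy of this patch further down the page, and the body of make_tempfile continues past the hunk.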
@@ -196,9 +194,8 @@ static int __init make_tempfile(const ch
}
if (out_tempname) {
*out_tempname = tempname;
-   } else {
+   } else
free(tempname);
-   }
return fd;
 out:
free(tempname);
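Review bot: Dropping the braces leaves `} else` followed by an unbraced `free(tempname);` while the `if (out_tempname) {` arm keeps its braces. Kernel coding style asks for braces on both arms when either has them. The mixed form is also easy to get wrong when a second statement is later added to the else arm of a cleanup path. Either keep `} else {` ... `}` as before, or drop the braces from both arms, since each holds a single statement. The second copy of the patch below carries the same hunk.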


[PATCH 3/5] UML - Improved error handling while locating temp dir

2008-02-06 Thread Jeff Dike
From: Jim Meyering [EMAIL PROTECTED]

* arch/um/os-Linux/mem.c (make_tempfile): Don't deref NULL upon failed malloc.

* arch/um/os-Linux/mem.c (make_tempfile): Handle NULL tempdir.
Don't let a long tempdir (e.g., via TMPDIR) provoke heap corruption.

[ jdike - formatting cleanups, deleted obsolete comment ]

Signed-off-by: Jim Meyering [EMAIL PROTECTED]
Signed-off-by: Jeff Dike [EMAIL PROTECTED]
---
 arch/um/os-Linux/mem.c |   15 ++-
 1 file changed, 6 insertions(+), 9 deletions(-)

Index: linux-2.6-git/arch/um/os-Linux/mem.c
===
--- linux-2.6-git.orig/arch/um/os-Linux/mem.c   2008-02-05 13:20:46.0 
-0500
+++ linux-2.6-git/arch/um/os-Linux/mem.c2008-02-05 16:37:37.0 
-0500
@@ -162,11 +162,6 @@ found:
goto out;
 }
 
-/*
- * This proc still used in tt-mode
- * (file: kernel/tt/ptproxy/proxy.c, proc: start_debugger).
- * So it isn't 'static' yet.
- */
 static int __init make_tempfile(const char *template, char **out_tempname,
int do_unlink)
 {
@@ -175,10 +170,13 @@ static int __init make_tempfile(const ch
 
which_tmpdir();
tempname = malloc(MAXPATHLEN);
-   if (!tempname)
-   goto out;
+   if (tempname == NULL)
+   return -1;
 
find_tempdir();
+   if ((tempdir == NULL) || (strlen(tempdir) = MAXPATHLEN))
+   return -1;
+
if (template[0] != '/')
strcpy(tempname, tempdir);
else
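Review bot: In this copy the bound check reads `strlen(tempdir) = MAXPATHLEN`, which assigns to a function call result and does not compile. The first copy of the same patch on this page has `strlen(tempdir) >= MAXPATHLEN`, so the `>` was most likely lost when the archive rendered the message. Anyone applying the patch from this page should take the comparison from the first copy, `if ((tempdir == NULL) || (strlen(tempdir) >= MAXPATHLEN))`. Without the `>=` there is no length guard in front of `strcpy(tempname, tempdir)`.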
@@ -196,9 +194,8 @@ static int __init make_tempfile(const ch
}
if (out_tempname) {
*out_tempname = tempname;
-   } else {
+   } else
free(tempname);
-   }
return fd;
 out:
free(tempname);