Commit 1d1dbf8135ab2f3603cc72e39e0f68784f453c39
1 parent
bb3c90f0de
Exists in
master
and in
4 other branches
exec: introduce get_user_arg_ptr() helper
Introduce get_user_arg_ptr() helper, convert count() and copy_strings() to use it. No functional changes, preparation. This helper is trivial, it just reads the pointer from argv/envp user-space array. Signed-off-by: Oleg Nesterov <oleg@redhat.com> Reviewed-by: KOSAKI Motohiro <kosaki.motohiro@jp.fujitsu.com> Tested-by: KOSAKI Motohiro <kosaki.motohiro@jp.fujitsu.com>
Showing 1 changed file with 25 additions and 11 deletions Side-by-side Diff
fs/exec.c
... | ... | @@ -398,6 +398,17 @@ |
398 | 398 | return err; |
399 | 399 | } |
400 | 400 | |
401 | +static const char __user * | |
402 | +get_user_arg_ptr(const char __user * const __user *argv, int nr) | |
403 | +{ | |
404 | + const char __user *ptr; | |
405 | + | |
406 | + if (get_user(ptr, argv + nr)) | |
407 | + return ERR_PTR(-EFAULT); | |
408 | + | |
409 | + return ptr; | |
410 | +} | |
411 | + | |
401 | 412 | /* |
402 | 413 | * count() counts the number of strings in array ARGV. |
403 | 414 | */ |
404 | 415 | |
405 | 416 | |
... | ... | @@ -407,13 +418,14 @@ |
407 | 418 | |
408 | 419 | if (argv != NULL) { |
409 | 420 | for (;;) { |
410 | - const char __user * p; | |
421 | + const char __user *p = get_user_arg_ptr(argv, i); | |
411 | 422 | |
412 | - if (get_user(p, argv)) | |
413 | - return -EFAULT; | |
414 | 423 | if (!p) |
415 | 424 | break; |
416 | - argv++; | |
425 | + | |
426 | + if (IS_ERR(p)) | |
427 | + return -EFAULT; | |
428 | + | |
417 | 429 | if (i++ >= max) |
418 | 430 | return -E2BIG; |
419 | 431 | |
420 | 432 | |
421 | 433 | |
422 | 434 | |
... | ... | @@ -443,16 +455,18 @@ |
443 | 455 | int len; |
444 | 456 | unsigned long pos; |
445 | 457 | |
446 | - if (get_user(str, argv+argc) || | |
447 | - !(len = strnlen_user(str, MAX_ARG_STRLEN))) { | |
448 | - ret = -EFAULT; | |
458 | + ret = -EFAULT; | |
459 | + str = get_user_arg_ptr(argv, argc); | |
460 | + if (IS_ERR(str)) | |
449 | 461 | goto out; |
450 | - } | |
451 | 462 | |
452 | - if (!valid_arg_len(bprm, len)) { | |
453 | - ret = -E2BIG; | |
463 | + len = strnlen_user(str, MAX_ARG_STRLEN); | |
464 | + if (!len) | |
454 | 465 | goto out; |
455 | - } | |
466 | + | |
467 | + ret = -E2BIG; | |
468 | + if (!valid_arg_len(bprm, len)) | |
469 | + goto out; | |
456 | 470 | |
457 | 471 | /* We're going to work our way backwords. */ |
458 | 472 | pos = bprm->p; |