Commit 1d1dbf8135ab2f3603cc72e39e0f68784f453c39

Authored by Oleg Nesterov
1 parent bb3c90f0de

exec: introduce get_user_arg_ptr() helper

Introduce get_user_arg_ptr() helper, convert count() and copy_strings()
to use it.

No functional changes, preparation. This helper is trivial, it just
reads the pointer from argv/envp user-space array.

Signed-off-by: Oleg Nesterov <oleg@redhat.com>
Reviewed-by: KOSAKI Motohiro <kosaki.motohiro@jp.fujitsu.com>
Tested-by: KOSAKI Motohiro <kosaki.motohiro@jp.fujitsu.com>

Showing 1 changed file with 25 additions and 11 deletions

... ... @@ -398,6 +398,17 @@
398 398 return err;
399 399 }
400 400  
  401 +static const char __user *
  402 +get_user_arg_ptr(const char __user * const __user *argv, int nr)
  403 +{
  404 + const char __user *ptr;
  405 +
  406 + if (get_user(ptr, argv + nr))
  407 + return ERR_PTR(-EFAULT);
  408 +
  409 + return ptr;
  410 +}
  411 +
401 412 /*
402 413 * count() counts the number of strings in array ARGV.
403 414 */
404 415  
405 416  
... ... @@ -407,13 +418,14 @@
407 418  
408 419 if (argv != NULL) {
409 420 for (;;) {
410   - const char __user * p;
  421 + const char __user *p = get_user_arg_ptr(argv, i);
411 422  
412   - if (get_user(p, argv))
413   - return -EFAULT;
414 423 if (!p)
415 424 break;
416   - argv++;
  425 +
  426 + if (IS_ERR(p))
  427 + return -EFAULT;
  428 +
417 429 if (i++ >= max)
418 430 return -E2BIG;
419 431  
420 432  
421 433  
422 434  
... ... @@ -443,16 +455,18 @@
443 455 int len;
444 456 unsigned long pos;
445 457  
446   - if (get_user(str, argv+argc) ||
447   - !(len = strnlen_user(str, MAX_ARG_STRLEN))) {
448   - ret = -EFAULT;
  458 + ret = -EFAULT;
  459 + str = get_user_arg_ptr(argv, argc);
  460 + if (IS_ERR(str))
449 461 goto out;
450   - }
451 462  
452   - if (!valid_arg_len(bprm, len)) {
453   - ret = -E2BIG;
  463 + len = strnlen_user(str, MAX_ARG_STRLEN);
  464 + if (!len)
454 465 goto out;
455   - }
  466 +
  467 + ret = -E2BIG;
  468 + if (!valid_arg_len(bprm, len))
  469 + goto out;
456 470  
457 471 /* We're going to work our way backwords. */
458 472 pos = bprm->p;
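Review bot: get_user_arg_ptr() reports failure in-band with `ERR_PTR(-EFAULT)`, but the value it returns on success is read from user memory, so an argv/envp entry whose value happens to fall in the error-pointer range cannot be told apart from a failed get_user(). In count() such an entry now returns -EFAULT at the `IS_ERR(p)` check, where the old code only tested for NULL and kept counting; the end result is presumably unchanged because copy_strings() would fail on that address later, but that equivalence is inferred, not shown in these hunks. I would state it above the helper, e.g. `/* Returns ERR_PTR(-EFAULT) on fault; a user-supplied value in the ERR_PTR range is treated the same way. */`. Separately, the third hunk leaves `ret` at -E2BIG once the valid_arg_len() check passes, and the rest of the copy loop lies outside the hunk, so confirm that every later `goto out` assigns `ret` itself rather than relying on the preset value.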