[PATCH] new sysctl checking accesses userspace directly

The recent change from Andi breaks here: tmp.name is user pointer, not array in __sysctl_args, and so it is better to access it through copy_from_user instead of directly.
author: Petr Vandrovec <vandrove@vc.cvut.cz> 2003-07-12 21:29:09 -0700
committer: Linus Torvalds <torvalds@home.osdl.org> 2003-07-12 21:29:09 -0700
commit: 816931f902d8a535ff7581908d427c5f7b634213 (patch)
tree: 0c721b7c6c62fdd8a3331d391ffb5ecfc76068ef /kernel
parent: 692dd963da02f24ced2c84773b7229e17610a3d8 (diff)
1 files changed, 12 insertions, 4 deletions
diff --git a/kernel/sysctl.c b/kernel/sysctl.c
index 6863399cb1dc..5a74e99e9db7 100644
--- a/kernel/sysctl.c
+++ b/kernel/sysctl.c
@@ -848,17 +848,25 @@ int do_sysctl(int __user *name, int nlen, void __user *oldval, size_t __user *ol
 asmlinkage long sys_sysctl(struct __sysctl_args __user *args)
 {
 	struct __sysctl_args tmp;
+	int name[2];
 	int error;
 
 	if (copy_from_user(&tmp, args, sizeof(tmp)))
 		return -EFAULT;
 	
-	if (tmp.nlen != 2 || tmp.name[0] != CTL_KERN ||
-	    tmp.name[1] != KERN_VERSION) { 
+	if (tmp.nlen != 2 || copy_from_user(name, tmp.name, sizeof(name)) ||
+	    name[0] != CTL_KERN || name[1] != KERN_VERSION) { 
 		int i;
 		printk(KERN_INFO "%s: numerical sysctl ", current->comm); 
-		for (i = 0; i < tmp.nlen; i++) 
-			printk("%d ", tmp.name[i]); 
+		for (i = 0; i < tmp.nlen; i++) {
+			int n;
+			
+			if (get_user(n, tmp.name+i)) {
+				printk("? ");
+			} else {
+				printk("%d ", n);
+			}
+		}
 		printk("is obsolete.\n");
 	}
author	Petr Vandrovec <vandrove@vc.cvut.cz>	2003-07-12 21:29:09 -0700
committer	Linus Torvalds <torvalds@home.osdl.org>	2003-07-12 21:29:09 -0700
commit	816931f902d8a535ff7581908d427c5f7b634213 (patch)
tree	0c721b7c6c62fdd8a3331d391ffb5ecfc76068ef /kernel
parent	692dd963da02f24ced2c84773b7229e17610a3d8 (diff)