aboutsummaryrefslogtreecommitdiff
path: root/arch
diff options
context:
space:
mode:
authorHeiko Carstens <heiko.carstens@de.ibm.com>2013-02-21 13:30:42 +0100
committerMartin Schwidefsky <schwidefsky@de.ibm.com>2013-02-28 09:37:08 +0100
commitf45655f6a65538237359abce55edab9cfcc6d82f (patch)
treebf392ffe658ae512ed992ff24a3b6f5a32c092f7 /arch
parentd7b788cd06a3080ebf0b2f5f2e008d4fda2b336e (diff)
downloadlinux-linaro-stable-f45655f6a65538237359abce55edab9cfcc6d82f.tar.gz
s390/uaccess: fix strncpy_from_user/strnlen_user zero maxlen case
If the maximum length specified for the to be accessed string for strncpy_from_user() and strnlen_user() is zero the following incorrect values would be returned or incorrect memory accesses would happen: strnlen_user_std() and strnlen_user_pt() incorrectly return "1" strncpy_from_user_pt() would incorrectly access "dst[maxlen - 1]" strncpy_from_user_mvcos() would incorrectly return "-EFAULT" Fix all these oddities by adding early checks. Reviewed-by: Gerald Schaefer <gerald.schaefer@de.ibm.com> Signed-off-by: Heiko Carstens <heiko.carstens@de.ibm.com> Signed-off-by: Martin Schwidefsky <schwidefsky@de.ibm.com>
Diffstat (limited to 'arch')
-rw-r--r--arch/s390/lib/uaccess_mvcos.c2
-rw-r--r--arch/s390/lib/uaccess_pt.c4
-rw-r--r--arch/s390/lib/uaccess_std.c2
3 files changed, 8 insertions, 0 deletions
diff --git a/arch/s390/lib/uaccess_mvcos.c b/arch/s390/lib/uaccess_mvcos.c
index 7f3eb3d56024..1829742bf479 100644
--- a/arch/s390/lib/uaccess_mvcos.c
+++ b/arch/s390/lib/uaccess_mvcos.c
@@ -184,6 +184,8 @@ static size_t strncpy_from_user_mvcos(size_t count, const char __user *src,
{
size_t done, len, offset, len_str;
+ if (unlikely(!count))
+ return 0;
done = 0;
do {
offset = (size_t)src & ~PAGE_MASK;
diff --git a/arch/s390/lib/uaccess_pt.c b/arch/s390/lib/uaccess_pt.c
index a70ee84c0241..c1aaf22c326b 100644
--- a/arch/s390/lib/uaccess_pt.c
+++ b/arch/s390/lib/uaccess_pt.c
@@ -172,6 +172,8 @@ static size_t strnlen_user_pt(size_t count, const char __user *src)
unsigned long offset, done, len, kaddr;
size_t len_str;
+ if (unlikely(!count))
+ return 0;
if (segment_eq(get_fs(), KERNEL_DS))
return strnlen((const char __kernel __force *) src, count) + 1;
done = 0;
@@ -202,6 +204,8 @@ static size_t strncpy_from_user_pt(size_t count, const char __user *src,
{
size_t n = strnlen_user_pt(count, src);
+ if (unlikely(!count))
+ return 0;
if (!n)
return -EFAULT;
if (n > count)
diff --git a/arch/s390/lib/uaccess_std.c b/arch/s390/lib/uaccess_std.c
index 6fbd06338270..79c6c7d76e08 100644
--- a/arch/s390/lib/uaccess_std.c
+++ b/arch/s390/lib/uaccess_std.c
@@ -188,6 +188,8 @@ size_t strnlen_user_std(size_t size, const char __user *src)
register unsigned long reg0 asm("0") = 0UL;
unsigned long tmp1, tmp2;
+ if (unlikely(!size))
+ return 0;
asm volatile(
" la %2,0(%1)\n"
" la %3,0(%0,%1)\n"