* [PATCH 2/2] strndup_user, convert (keyctl)
@ 2006-02-15 21:23 Davi Arnaut
2006-02-16 1:30 ` Alan Cox
0 siblings, 1 reply; 2+ messages in thread
From: Davi Arnaut @ 2006-02-15 21:23 UTC (permalink / raw)
To: torvalds; +Cc: davi.arnaut, akpm, linux-kernel
Convert security/keys/keyctl.c string duplication to strdup_user()
Signed-off-by: Davi Arnaut <davi.arnaut@gmail.com>
--
diff --git a/security/keys/keyctl.c b/security/keys/keyctl.c
index 0c62798..ff1417e 100644
--- a/security/keys/keyctl.c
+++ b/security/keys/keyctl.c
@@ -17,6 +17,7 @@
#include <linux/keyctl.h>
#include <linux/fs.h>
#include <linux/capability.h>
+#include <linux/string.h>
#include <linux/err.h>
#include <asm/uaccess.h>
#include "internal.h"
@@ -38,7 +39,7 @@ asmlinkage long sys_add_key(const char _
key_ref_t keyring_ref, key_ref;
char type[32], *description;
void *payload;
- long dlen, ret;
+ long ret;
ret = -EINVAL;
if (plen > 32767)
@@ -54,24 +55,11 @@ asmlinkage long sys_add_key(const char _
if (type[0] == '.')
goto error;
- ret = -EFAULT;
- dlen = strnlen_user(_description, PAGE_SIZE - 1);
- if (dlen <= 0)
- goto error;
-
- ret = -EINVAL;
- if (dlen > PAGE_SIZE - 1)
- goto error;
-
- ret = -ENOMEM;
- description = kmalloc(dlen + 1, GFP_KERNEL);
- if (!description)
+ description = strdup_user(_description);
+ if (IS_ERR(description)) {
+ ret = PTR_ERR(description);
goto error;
- description[dlen] = '\0';
-
- ret = -EFAULT;
- if (copy_from_user(description, _description, dlen) != 0)
- goto error2;
+ }
/* pull the payload in if one was supplied */
payload = NULL;
@@ -136,7 +124,7 @@ asmlinkage long sys_request_key(const ch
struct key *key;
key_ref_t dest_ref;
char type[32], *description, *callout_info;
- long dlen, ret;
+ long ret;
/* pull the type into kernel space */
ret = strncpy_from_user(type, _type, sizeof(type) - 1);
@@ -149,46 +137,20 @@ asmlinkage long sys_request_key(const ch
goto error;
/* pull the description into kernel space */
- ret = -EFAULT;
- dlen = strnlen_user(_description, PAGE_SIZE - 1);
- if (dlen <= 0)
- goto error;
-
- ret = -EINVAL;
- if (dlen > PAGE_SIZE - 1)
- goto error;
-
- ret = -ENOMEM;
- description = kmalloc(dlen + 1, GFP_KERNEL);
- if (!description)
+ description = strdup_user(_description);
+ if (IS_ERR(description)) {
+ ret = PTR_ERR(description);
goto error;
- description[dlen] = '\0';
-
- ret = -EFAULT;
- if (copy_from_user(description, _description, dlen) != 0)
- goto error2;
+ }
/* pull the callout info into kernel space */
callout_info = NULL;
if (_callout_info) {
- ret = -EFAULT;
- dlen = strnlen_user(_callout_info, PAGE_SIZE - 1);
- if (dlen <= 0)
- goto error2;
-
- ret = -EINVAL;
- if (dlen > PAGE_SIZE - 1)
- goto error2;
-
- ret = -ENOMEM;
- callout_info = kmalloc(dlen + 1, GFP_KERNEL);
- if (!callout_info)
+ callout_info = strdup_user(_callout_info);
+ if (IS_ERR(callout_info)) {
+ ret = PTR_ERR(callout_info);
goto error2;
- callout_info[dlen] = '\0';
-
- ret = -EFAULT;
- if (copy_from_user(callout_info, _callout_info, dlen) != 0)
- goto error3;
+ }
}
/* get the destination keyring if specified */
@@ -264,36 +226,21 @@ long keyctl_get_keyring_ID(key_serial_t
long keyctl_join_session_keyring(const char __user *_name)
{
char *name;
- long nlen, ret;
+ long ret;
/* fetch the name from userspace */
name = NULL;
if (_name) {
- ret = -EFAULT;
- nlen = strnlen_user(_name, PAGE_SIZE - 1);
- if (nlen <= 0)
+ name = strdup_user(_name);
+ if (IS_ERR(name)) {
+ ret = PTR_ERR(name);
goto error;
-
- ret = -EINVAL;
- if (nlen > PAGE_SIZE - 1)
- goto error;
-
- ret = -ENOMEM;
- name = kmalloc(nlen + 1, GFP_KERNEL);
- if (!name)
- goto error;
- name[nlen] = '\0';
-
- ret = -EFAULT;
- if (copy_from_user(name, _name, nlen) != 0)
- goto error2;
+ }
}
/* join the session */
ret = join_session_keyring(name);
- error2:
- kfree(name);
error:
return ret;
@@ -566,7 +513,7 @@ long keyctl_keyring_search(key_serial_t
struct key_type *ktype;
key_ref_t keyring_ref, key_ref, dest_ref;
char type[32], *description;
- long dlen, ret;
+ long ret;
/* pull the type and description into kernel space */
ret = strncpy_from_user(type, _type, sizeof(type) - 1);
@@ -574,24 +521,11 @@ long keyctl_keyring_search(key_serial_t
goto error;
type[31] = '\0';
- ret = -EFAULT;
- dlen = strnlen_user(_description, PAGE_SIZE - 1);
- if (dlen <= 0)
- goto error;
-
- ret = -EINVAL;
- if (dlen > PAGE_SIZE - 1)
+ description = strdup_user(_description);
+ if (IS_ERR(description)) {
+ ret = PTR_ERR(description);
goto error;
-
- ret = -ENOMEM;
- description = kmalloc(dlen + 1, GFP_KERNEL);
- if (!description)
- goto error;
- description[dlen] = '\0';
-
- ret = -EFAULT;
- if (copy_from_user(description, _description, dlen) != 0)
- goto error2;
+ }
/* get the keyring at which to begin the search */
keyring_ref = lookup_user_key(NULL, ringid, 0, 0, KEY_SEARCH);
^ permalink raw reply related [flat|nested] 2+ messages in thread
* Re: [PATCH 2/2] strndup_user, convert (keyctl)
2006-02-15 21:23 [PATCH 2/2] strndup_user, convert (keyctl) Davi Arnaut
@ 2006-02-16 1:30 ` Alan Cox
0 siblings, 0 replies; 2+ messages in thread
From: Alan Cox @ 2006-02-16 1:30 UTC (permalink / raw)
To: Davi Arnaut; +Cc: torvalds, akpm, linux-kernel
On Mer, 2006-02-15 at 18:23 -0300, Davi Arnaut wrote:
> Convert security/keys/keyctl.c string duplication to strdup_user()
Even if your implementation of strndup_user was correct this may break
stuff in some obscure cases that worked before as you've changed the
behaviour from PAGE_SIZE to 4096 and they are not the same on all
platforms.
^ permalink raw reply [flat|nested] 2+ messages in thread
end of thread, other threads:[~2006-02-16 1:26 UTC | newest]
Thread overview: 2+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2006-02-15 21:23 [PATCH 2/2] strndup_user, convert (keyctl) Davi Arnaut
2006-02-16 1:30 ` Alan Cox
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox