[parisc-linux] [ron@rongage.org: [Patchbomb] - Copy_to/from_user audit - parisc -RESEND]

Randolph Chung <randolph@tausq.org>
Sun, 31 Aug 2003 11:56:49 -0700


> This patch ensures proper return values from
> copy_to/from_user calls.

um, some of these are not quite correct.

> +++ linux-2.6.0-test4-patched/arch/parisc/kernel/signal32.c	2003-08-29 21:38:02.000000000 -0400
> @@ -38,7 +38,7 @@
>  	if (sz != sizeof *set) panic("put_sigset32()");
>  	sigset_64to32(&s, set);
>  
> -	return copy_to_user(up, &s, sizeof s);
> +	return copy_to_user(up, &s, sizeof s) ? -EFAULT : 0 ;
>  }
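Review bot: the changed return at the end of put_sigset32() alters the helper's contract from copy_to_user()'s count of uncopied bytes to 0 or -EFAULT, and the hunk shows no comment stating which convention callers may rely on. If every caller only tests the result for nonzero, the change is behaviour-neutral; a one-line comment above the function saying it returns 0 or -EFAULT would settle it either way. Also drop the space before the semicolon in `? -EFAULT : 0 ;`.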

this one is for put_sigset32, which is used like this:

        if (!ret && oset && put_sigset32(oset, &old_set, sigsetsize))
                return -EFAULT;

so your patch is not needed.

> --- linux-2.6.0-test4/arch/parisc/kernel/sys_parisc32.c	2003-08-22 19:54:17.000000000 -0400
> +++ linux-2.6.0-test4-patched/arch/parisc/kernel/sys_parisc32.c	2003-08-29 21:36:59.000000000 -0400
> @@ -370,7 +370,7 @@
>  	struct compat_timeval t32;
>  	t32.tv_sec = t->tv_sec;
>  	t32.tv_usec = t->tv_usec;
> -	return copy_to_user(u, &t32, sizeof t32);
> +	return copy_to_user(u, &t32, sizeof t32) ? -EFAULT : 0 ;
>  }
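Review bot: the added return line ends in `: 0 ;` with a stray space before the semicolon, while the sys_parisc.c hunk in the same patch writes `: 0;`; use the latter form throughout. No caller is visible in this hunk, so the patch description should say whether the result is only tested for nonzero or is passed back to user space unchanged, since only the second case needs the conversion.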

this one is similar.

>  static int
> diff -urN linux-2.6.0-test4/arch/parisc/kernel/sys_parisc.c linux-2.6.0-test4-patched/arch/parisc/kernel/sys_parisc.c
> --- linux-2.6.0-test4/arch/parisc/kernel/sys_parisc.c	2003-08-22 19:59:03.000000000 -0400
> +++ linux-2.6.0-test4-patched/arch/parisc/kernel/sys_parisc.c	2003-08-29 21:36:06.000000000 -0400
> @@ -271,7 +271,7 @@
>  	tbuf.shm_cpid = sbuf->shm_cpid;
>  	tbuf.shm_lpid = sbuf->shm_lpid;
>  	tbuf.shm_nattch = sbuf->shm_nattch;
> -	return copy_to_user(buf, &tbuf, sizeof tbuf);
> +	return copy_to_user(buf, &tbuf, sizeof tbuf) ? -EFAULT : 0;
>  }
>  
>  int sys_msgctl_broken(int msqid, int cmd, struct msqid_ds *buf)
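Review bot: the return line copies the whole of tbuf with `sizeof tbuf`, but the visible context fills it one field at a time (shm_cpid, shm_lpid, shm_nattch), and nothing in the hunk shows tbuf being zeroed first. While this function is being touched, confirm that every member and any padding in tbuf is initialised before the copy, otherwise stale kernel stack bytes go out to user space along with the result. The -EFAULT conversion itself is consistent with the other two hunks.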

this one seems correct. i'll apply it to the parisc tree.

thx
randolph
-- 
Randolph Chung
Debian GNU/Linux Developer, hppa/ia64 ports
http://www.tausq.org/
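
The distinction drawn in the reply above, as an added example that is not part of the original message or of the parisc tree: a userspace C mock of copy_to_user() (which returns the number of bytes not copied) run through a caller that only tests for nonzero and a caller that returns the helper's value unchanged. All names here (mock_copy_to_user, put_rec_raw, put_rec_fixed, both callers, struct rec) are hypothetical.

```c
#include <errno.h>
#include <stdio.h>
#include <string.h>

/* Userspace mock of copy_to_user(): returns the number of bytes NOT copied
 * (0 on success). `writable` (mock-only) is how much of dst is "mapped". */
static unsigned long mock_copy_to_user(void *dst, const void *src,
                                       unsigned long n, unsigned long writable)
{
    unsigned long ok = n < writable ? n : writable;
    memcpy(dst, src, ok);
    return n - ok;
}

struct rec { long a, b; };                      /* constructed sample payload */
typedef long (*put_fn)(void *, const struct rec *, unsigned long);
static const struct rec sample = { 1, 2 };

/* Helper before the patch: hands back the raw uncopied-byte count. */
static long put_rec_raw(void *up, const struct rec *r, unsigned long writable)
{
    return (long)mock_copy_to_user(up, r, sizeof *r, writable);
}

/* Helper as patched: any short copy becomes -EFAULT. */
static long put_rec_fixed(void *up, const struct rec *r, unsigned long writable)
{
    return mock_copy_to_user(up, r, sizeof *r, writable) ? -EFAULT : 0;
}

/* Caller shaped like the quoted put_sigset32() use: tests for nonzero only. */
long caller_tests_nonzero(put_fn put, unsigned long writable)
{
    char ubuf[sizeof(struct rec)];
    return put(ubuf, &sample, writable) ? -EFAULT : 0;
}

/* Hypothetical caller that returns the helper's value unchanged. */
long caller_propagates(put_fn put, unsigned long writable)
{
    char ubuf[sizeof(struct rec)];
    return put(ubuf, &sample, writable);
}

int main(void)
{
    printf("raw, propagated:   %ld\n", caller_propagates(put_rec_raw, 4));
    printf("fixed, propagated: %ld\n", caller_propagates(put_rec_fixed, 4));
}
```

With only 4 bytes writable, the nonzero-testing caller yields -EFAULT with either helper, while the propagating caller returns a positive byte count unless the helper has been patched.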