diff options
| author | Heiko Carstens <[email protected]> | 2013-02-21 12:30:42 +0000 |
|---|---|---|
| committer | Martin Schwidefsky <[email protected]> | 2013-02-28 08:37:08 +0000 |
| commit | f45655f6a65538237359abce55edab9cfcc6d82f (patch) | |
| tree | bf392ffe658ae512ed992ff24a3b6f5a32c092f7 /arch/s390/lib/uaccess_std.c | |
| parent | s390/uaccess: shorten strncpy_from_user/strnlen_user (diff) | |
| download | kernel-f45655f6a65538237359abce55edab9cfcc6d82f.tar.gz kernel-f45655f6a65538237359abce55edab9cfcc6d82f.zip | |
s390/uaccess: fix strncpy_from_user/strnlen_user zero maxlen case
If the maximum length specified for the to be accessed string for
strncpy_from_user() and strnlen_user() is zero the following incorrect
values would be returned or incorrect memory accesses would happen:
strnlen_user_std() and strnlen_user_pt() incorrectly return "1"
strncpy_from_user_pt() would incorrectly access "dst[maxlen - 1]"
strncpy_from_user_mvcos() would incorrectly return "-EFAULT"
Fix all these oddities by adding early checks.
Reviewed-by: Gerald Schaefer <[email protected]>
Signed-off-by: Heiko Carstens <[email protected]>
Signed-off-by: Martin Schwidefsky <[email protected]>
Diffstat (limited to 'arch/s390/lib/uaccess_std.c')
| -rw-r--r-- | arch/s390/lib/uaccess_std.c | 2 |
1 files changed, 2 insertions, 0 deletions
diff --git a/arch/s390/lib/uaccess_std.c b/arch/s390/lib/uaccess_std.c index 6fbd06338270..79c6c7d76e08 100644 --- a/arch/s390/lib/uaccess_std.c +++ b/arch/s390/lib/uaccess_std.c @@ -188,6 +188,8 @@ size_t strnlen_user_std(size_t size, const char __user *src) register unsigned long reg0 asm("0") = 0UL; unsigned long tmp1, tmp2; + if (unlikely(!size)) + return 0; asm volatile( " la %2,0(%1)\n" " la %3,0(%0,%1)\n" |