2005-05-26 Roland McGrath <roland@redhat.com>

* system.c (sys_sysctl): Check for errors accessing user pointers. Use malloc instead of alloca in case size is insane.
2005-05-26 23:21:09 +00:00 · 2005-05-26 23:21:09 +00:00 · 2cbe44e441
commit 2cbe44e441
parent 682291ec61
1 changed files with 15 additions and 3 deletions
--- a/system.c
+++ b/system.c
@ -1822,10 +1822,20 @@ struct tcb *tcp;
 {
 	struct __sysctl_args info;
 	int *name;
-	umove (tcp, tcp->u_arg[0], &info);
+	if (umove (tcp, tcp->u_arg[0], &info) < 0)
+		return printargs(tcp);

-	name = alloca (sizeof (int) * info.nlen);
-	umoven(tcp, (size_t) info.name, sizeof (int) * info.nlen, (char *) name);
+	name = malloc (sizeof (int) * info.nlen);
+	if (name == NULL ||
+	    umoven(tcp, (unsigned long) info.name,
+		   sizeof (int) * info.nlen, (char *) name) < 0) {
+		if (name != NULL)
+			free(name);
+		tprintf("{%p, %d, %p, %p, %p, %Zu}",
+			info.name, info.nlen, info.oldval, info.oldlenp,
+			info.newval, info.newlen);
+		return 0;
+	}

 	if (entering(tcp)) {
 		int cnt = 0;
@ -1950,6 +1960,8 @@ struct tcb *tcp;
 		}
 		tprintf("}");
 	}
+
+	free(name);
 	return 0;
 }
 #else