Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs
Pull waitid fix from Al Viro: "Fix infoleak in waitid()" * 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs: fix infoleak in waitid(2)
This commit is contained in:
commit
99637e4268
@ -1600,12 +1600,10 @@ SYSCALL_DEFINE5(waitid, int, which, pid_t, upid, struct siginfo __user *,
|
|||||||
struct waitid_info info = {.status = 0};
|
struct waitid_info info = {.status = 0};
|
||||||
long err = kernel_waitid(which, upid, &info, options, ru ? &r : NULL);
|
long err = kernel_waitid(which, upid, &info, options, ru ? &r : NULL);
|
||||||
int signo = 0;
|
int signo = 0;
|
||||||
|
|
||||||
if (err > 0) {
|
if (err > 0) {
|
||||||
signo = SIGCHLD;
|
signo = SIGCHLD;
|
||||||
err = 0;
|
err = 0;
|
||||||
}
|
|
||||||
|
|
||||||
if (!err) {
|
|
||||||
if (ru && copy_to_user(ru, &r, sizeof(struct rusage)))
|
if (ru && copy_to_user(ru, &r, sizeof(struct rusage)))
|
||||||
return -EFAULT;
|
return -EFAULT;
|
||||||
}
|
}
|
||||||
@ -1723,16 +1721,15 @@ COMPAT_SYSCALL_DEFINE5(waitid,
|
|||||||
if (err > 0) {
|
if (err > 0) {
|
||||||
signo = SIGCHLD;
|
signo = SIGCHLD;
|
||||||
err = 0;
|
err = 0;
|
||||||
}
|
if (uru) {
|
||||||
|
/* kernel_waitid() overwrites everything in ru */
|
||||||
if (!err && uru) {
|
if (COMPAT_USE_64BIT_TIME)
|
||||||
/* kernel_waitid() overwrites everything in ru */
|
err = copy_to_user(uru, &ru, sizeof(ru));
|
||||||
if (COMPAT_USE_64BIT_TIME)
|
else
|
||||||
err = copy_to_user(uru, &ru, sizeof(ru));
|
err = put_compat_rusage(&ru, uru);
|
||||||
else
|
if (err)
|
||||||
err = put_compat_rusage(&ru, uru);
|
return -EFAULT;
|
||||||
if (err)
|
}
|
||||||
return -EFAULT;
|
|
||||||
}
|
}
|
||||||
|
|
||||||
if (!infop)
|
if (!infop)
|
||||||
|
Loading…
x
Reference in New Issue
Block a user