sparc: missing checks of __get_user()/__put_user() return values

author Al Viro <viro@zeniv.linux.org.uk>

Sun, 22 Apr 2012 20:51:36 +0000 (16:51 -0400)

committer Al Viro <viro@zeniv.linux.org.uk>

Tue, 22 May 2012 03:59:21 +0000 (23:59 -0400)
author Al Viro <viro@zeniv.linux.org.uk>
Sun, 22 Apr 2012 20:51:36 +0000 (16:51 -0400)
committer Al Viro <viro@zeniv.linux.org.uk>
Tue, 22 May 2012 03:59:21 +0000 (23:59 -0400)
diff --git a/arch/sparc/kernel/signal32.c b/arch/sparc/kernel/signal32.c

index 948700f..bb1513e 100644 (file)
--- a/arch/sparc/kernel/signal32.c
+++ b/arch/sparc/kernel/signal32.c
@@ -215,8 +215,9 @@ void do_sigreturn32(struct pt_regs *regs)
             (((unsigned long) sf) & 3))
                 goto segv;
  
-       get_user(pc, &sf->info.si_regs.pc);
-       __get_user(npc, &sf->info.si_regs.npc);
+       if (get_user(pc, &sf->info.si_regs.pc) ||
+           __get_user(npc, &sf->info.si_regs.npc))
+               goto segv;
  
         if ((pc | npc) & 3)
                 goto segv;
@@ -305,8 +306,9 @@ asmlinkage void do_rt_sigreturn32(struct pt_regs *regs)
             (((unsigned long) sf) & 3))
                 goto segv;
  
-       get_user(pc, &sf->regs.pc);
-       __get_user(npc, &sf->regs.npc);
+       if (get_user(pc, &sf->regs.pc) || 
+           __get_user(npc, &sf->regs.npc))
+               goto segv;
  
         if ((pc | npc) & 3)
                 goto segv;
diff --git a/arch/sparc/kernel/sys_sparc_32.c b/arch/sparc/kernel/sys_sparc_32.c

index 627e89a..cd99c1a 100644 (file)
--- a/arch/sparc/kernel/sys_sparc_32.c
+++ b/arch/sparc/kernel/sys_sparc_32.c
@@ -184,10 +184,10 @@ sparc_sigaction (int sig, const struct old_sigaction __user *act,
  
                 if (!access_ok(VERIFY_READ, act, sizeof(*act)) ||
                     __get_user(new_ka.sa.sa_handler, &act->sa_handler) ||
-                   __get_user(new_ka.sa.sa_restorer, &act->sa_restorer))
+                   __get_user(new_ka.sa.sa_restorer, &act->sa_restorer) ||
+                   __get_user(new_ka.sa.sa_flags, &act->sa_flags) ||
+                   __get_user(mask, &act->sa_mask))
                         return -EFAULT;
-               __get_user(new_ka.sa.sa_flags, &act->sa_flags);
-               __get_user(mask, &act->sa_mask);
                 siginitset(&new_ka.sa.sa_mask, mask);
                 new_ka.ka_restorer = NULL;
         }
@@ -202,10 +202,10 @@ sparc_sigaction (int sig, const struct old_sigaction __user *act,
                  */
                 if (!access_ok(VERIFY_WRITE, oact, sizeof(*oact)) ||
                     __put_user(old_ka.sa.sa_handler, &oact->sa_handler) ||
-                   __put_user(old_ka.sa.sa_restorer, &oact->sa_restorer))
+                   __put_user(old_ka.sa.sa_restorer, &oact->sa_restorer) ||
+                   __put_user(old_ka.sa.sa_flags, &oact->sa_flags) ||
+                   __put_user(old_ka.sa.sa_mask.sig[0], &oact->sa_mask))
                         return -EFAULT;
-               __put_user(old_ka.sa.sa_flags, &oact->sa_flags);
-               __put_user(old_ka.sa.sa_mask.sig[0], &oact->sa_mask);
         }
  
         return ret;
author	Al Viro <viro@zeniv.linux.org.uk>
	Sun, 22 Apr 2012 20:51:36 +0000 (16:51 -0400)
committer	Al Viro <viro@zeniv.linux.org.uk>
	Tue, 22 May 2012 03:59:21 +0000 (23:59 -0400)
arch/sparc/kernel/signal32.c		patch \| blob \| history
arch/sparc/kernel/sys_sparc_32.c		patch \| blob \| history