lk/linux-kernel-test
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

sanitize audit_mq_notify()

Browse Source 
* don't copy_from_user() twice
* don't bother with allocations
* don't duplicate parts of audit_dummy_context()
* make it return void

Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
This commit is contained in:
Al Viro
2008-12-10 07:16:12 -05:00
parent 7392906ea9
commit 20114f71b2
3 changed files with 27 additions and 52 deletions
Download Patch File Download Diff File Expand all files Collapse all files

14
ipc/mqueue.c
View File

@@ -1003,17 +1003,17 @@ asmlinkage long sys_mq_notify(mqd_t mqdes,
struct mqueue_inode_info *info;
struct sk_buff *nc;
ret = audit_mq_notify(mqdes, u_notification);
if (ret != 0)
return ret;
if (u_notification) {
if (copy_from_user(&notification, u_notification,
sizeof(struct sigevent)))
return -EFAULT;
}
audit_mq_notify(mqdes, u_notification ? &notification : NULL);
nc = NULL;
sock = NULL;
if (u_notification != NULL) {
if (copy_from_user(&notification, u_notification,
sizeof(struct sigevent)))
return -EFAULT;
if (unlikely(notification.sigev_notify != SIGEV_NONE &&
notification.sigev_notify != SIGEV_SIGNAL &&
notification.sigev_notify != SIGEV_THREAD))