From: Tetsuo Handa <penguin-kernel@i-love.sakura.ne.jp>
Date: Thu, 15 Nov 2007 00:58:38 +0000 (-0800)
Subject: sysctl: check length at deprecated_sysctl_warning
X-Git-Tag: v2.6.24-rc3~126
X-Git-Url: https://err.no/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=6fc48af82cef55546d640778698943b6227b7fb0;p=linux-2.6

sysctl: check length at deprecated_sysctl_warning

Original patch assumed args->nlen < CTL_MAXNAME, but it can be false.

Signed-off-by: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
Cc: "Eric W. Biederman" <ebiederm@xmission.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
---

diff --git a/kernel/sysctl.c b/kernel/sysctl.c
index 3a1744fed2..0deed82a61 100644
--- a/kernel/sysctl.c
+++ b/kernel/sysctl.c
@@ -2620,6 +2620,10 @@ static int deprecated_sysctl_warning(struct __sysctl_args *args)
 	int name[CTL_MAXNAME];
 	int i;
 
+	/* Check args->nlen. */
+	if (args->nlen < 0 || args->nlen > CTL_MAXNAME)
+		return -ENOTDIR;
+
 	/* Read in the sysctl name for better debug message logging */
 	for (i = 0; i < args->nlen; i++)
 		if (get_user(name[i], args->name + i))