From f45655f6a65538237359abce55edab9cfcc6d82f Mon Sep 17 00:00:00 2001 From: Heiko Carstens Date: Thu, 21 Feb 2013 13:30:42 +0100 Subject: [PATCH] s390/uaccess: fix strncpy_from_user/strnlen_user zero maxlen case If the maximum length specified for the to be accessed string for strncpy_from_user() and strnlen_user() is zero the following incorrect values would be returned or incorrect memory accesses would happen: strnlen_user_std() and strnlen_user_pt() incorrectly return "1" strncpy_from_user_pt() would incorrectly access "dst[maxlen - 1]" strncpy_from_user_mvcos() would incorrectly return "-EFAULT" Fix all these oddities by adding early checks. Reviewed-by: Gerald Schaefer Signed-off-by: Heiko Carstens Signed-off-by: Martin Schwidefsky --- arch/s390/lib/uaccess_mvcos.c | 2 ++ arch/s390/lib/uaccess_pt.c | 4 ++++ arch/s390/lib/uaccess_std.c | 2 ++ 3 files changed, 8 insertions(+) diff --git a/arch/s390/lib/uaccess_mvcos.c b/arch/s390/lib/uaccess_mvcos.c index 7f3eb3d56024..1829742bf479 100644 --- a/arch/s390/lib/uaccess_mvcos.c +++ b/arch/s390/lib/uaccess_mvcos.c @@ -184,6 +184,8 @@ static size_t strncpy_from_user_mvcos(size_t count, const char __user *src, { size_t done, len, offset, len_str; + if (unlikely(!count)) + return 0; done = 0; do { offset = (size_t)src & ~PAGE_MASK; diff --git a/arch/s390/lib/uaccess_pt.c b/arch/s390/lib/uaccess_pt.c index a70ee84c0241..c1aaf22c326b 100644 --- a/arch/s390/lib/uaccess_pt.c +++ b/arch/s390/lib/uaccess_pt.c @@ -172,6 +172,8 @@ static size_t strnlen_user_pt(size_t count, const char __user *src) unsigned long offset, done, len, kaddr; size_t len_str; + if (unlikely(!count)) + return 0; if (segment_eq(get_fs(), KERNEL_DS)) return strnlen((const char __kernel __force *) src, count) + 1; done = 0; @@ -202,6 +204,8 @@ static size_t strncpy_from_user_pt(size_t count, const char __user *src, { size_t n = strnlen_user_pt(count, src); + if (unlikely(!count)) + return 0; if (!n) return -EFAULT; if (n > count) diff --git a/arch/s390/lib/uaccess_std.c b/arch/s390/lib/uaccess_std.c index 6fbd06338270..79c6c7d76e08 100644 --- a/arch/s390/lib/uaccess_std.c +++ b/arch/s390/lib/uaccess_std.c @@ -188,6 +188,8 @@ size_t strnlen_user_std(size_t size, const char __user *src) register unsigned long reg0 asm("0") = 0UL; unsigned long tmp1, tmp2; + if (unlikely(!size)) + return 0; asm volatile( " la %2,0(%1)\n" " la %3,0(%0,%1)\n" -- 2.20.1