exec: introduce get_user_arg_ptr() helper
Introduce get_user_arg_ptr() helper, convert count() and copy_strings()
to use it.
No functional changes, preparation. This helper is trivial, it just
reads the pointer from argv/envp user-space array.
Signed-off-by: Oleg Nesterov <oleg@redhat.com>
Reviewed-by: KOSAKI Motohiro <kosaki.motohiro@jp.fujitsu.com>
Tested-by: KOSAKI Motohiro <kosaki.motohiro@jp.fujitsu.com>
diff --git a/fs/exec.c b/fs/exec.c
index 5e62d26..b12e24f 100644
--- a/fs/exec.c
+++ b/fs/exec.c
@@ -398,6 +398,17 @@
return err;
}
+static const char __user *
+get_user_arg_ptr(const char __user * const __user *argv, int nr)
+{
+ const char __user *ptr;
+
+ if (get_user(ptr, argv + nr))
+ return ERR_PTR(-EFAULT);
+
+ return ptr;
+}
+
/*
* count() counts the number of strings in array ARGV.
*/
@@ -407,13 +418,14 @@
if (argv != NULL) {
for (;;) {
- const char __user * p;
+ const char __user *p = get_user_arg_ptr(argv, i);
- if (get_user(p, argv))
- return -EFAULT;
if (!p)
break;
- argv++;
+
+ if (IS_ERR(p))
+ return -EFAULT;
+
if (i++ >= max)
return -E2BIG;
@@ -443,16 +455,18 @@
int len;
unsigned long pos;
- if (get_user(str, argv+argc) ||
- !(len = strnlen_user(str, MAX_ARG_STRLEN))) {
- ret = -EFAULT;
+ ret = -EFAULT;
+ str = get_user_arg_ptr(argv, argc);
+ if (IS_ERR(str))
goto out;
- }
- if (!valid_arg_len(bprm, len)) {
- ret = -E2BIG;
+ len = strnlen_user(str, MAX_ARG_STRLEN);
+ if (!len)
goto out;
- }
+
+ ret = -E2BIG;
+ if (!valid_arg_len(bprm, len))
+ goto out;
/* We're going to work our way backwords. */
pos = bprm->p;