sysctl: check length at deprecated_sysctl_warning

Original patch assumed args->nlen < CTL_MAXNAME, but it can be false. Signed-off-by: Tetsuo Handa <[email protected]> Cc: "Eric W. Biederman" <[email protected]> Signed-off-by: Andrew Morton <[email protected]> Signed-off-by: Linus Torvalds <[email protected]>
maraz · Nov 15, 2007 · 6fc48af · 6fc48af
1 parent dbd0cf4
commit 6fc48af
Showing 1 changed file with 4 additions and 0 deletions.
diff --git a/kernel/sysctl.c b/kernel/sysctl.c
@@ -2620,6 +2620,10 @@ static int deprecated_sysctl_warning(struct __sysctl_args *args)
 	int name[CTL_MAXNAME];
 	int i;
 
+	/* Check args->nlen. */
+	if (args->nlen < 0 || args->nlen > CTL_MAXNAME)
+		return -ENOTDIR;
+
 	/* Read in the sysctl name for better debug message logging */
 	for (i = 0; i < args->nlen; i++)
 		if (get_user(name[i], args->name + i))