autofs4: fix string validation check order

Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git

kernel os linux

In function validate_dev_ioctl() we check that the string we've been sent
is a valid path. The function that does this check assumes the string is
NULL terminated but our NULL termination check isn't done until after this
call. This patch changes the order of the check.

Signed-off-by: Ian Kent <raven@themaw.net>
Acked-by: Jeff Moyer <jmoyer@redhat.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>

authored by

Ian Kent and committed by

Linus Torvalds 17 years ago bae8ec66 a92daf6b

+7 -6

1 changed file

expand all

autofs4

dev-ioctl.c

+7 -6

fs/autofs4/dev-ioctl.c

··· 124 124 125 125 /* 126 126 * Check sanity of parameter control fields and if a path is present 127 - * check that it has a "/" and is terminated. 127 + * check that it is terminated and contains at least one "/". 128 128 */ 129 129 static int validate_dev_ioctl(int cmd, struct autofs_dev_ioctl *param) 130 130 { ··· 138 138 } 139 139 140 140 if (param->size > sizeof(*param)) { 141 - err = check_name(param->path); 141 + err = invalid_str(param->path, 142 + (void *) ((size_t) param + param->size)); 142 143 if (err) { 143 - AUTOFS_WARN("invalid path supplied for cmd(0x%08x)", 144 - cmd); 144 + AUTOFS_WARN( 145 + "path string terminator missing for cmd(0x%08x)", 146 + cmd); 145 147 goto out; 146 148 } 147 149 148 - err = invalid_str(param->path, 149 - (void *) ((size_t) param + param->size)); 150 + err = check_name(param->path); 150 151 if (err) { 151 152 AUTOFS_WARN("invalid path supplied for cmd(0x%08x)", 152 153 cmd);