Commit 99637e42 authored by Linus Torvalds's avatar Linus Torvalds

Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs

Pull waitid fix from Al Viro:
 "Fix infoleak in waitid()"

* 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs:
  fix infoleak in waitid(2)
parents 5ba88cd6 6c85501f
...@@ -1600,12 +1600,10 @@ SYSCALL_DEFINE5(waitid, int, which, pid_t, upid, struct siginfo __user *, ...@@ -1600,12 +1600,10 @@ SYSCALL_DEFINE5(waitid, int, which, pid_t, upid, struct siginfo __user *,
struct waitid_info info = {.status = 0}; struct waitid_info info = {.status = 0};
long err = kernel_waitid(which, upid, &info, options, ru ? &r : NULL); long err = kernel_waitid(which, upid, &info, options, ru ? &r : NULL);
int signo = 0; int signo = 0;
if (err > 0) { if (err > 0) {
signo = SIGCHLD; signo = SIGCHLD;
err = 0; err = 0;
}
if (!err) {
if (ru && copy_to_user(ru, &r, sizeof(struct rusage))) if (ru && copy_to_user(ru, &r, sizeof(struct rusage)))
return -EFAULT; return -EFAULT;
} }
...@@ -1723,16 +1721,15 @@ COMPAT_SYSCALL_DEFINE5(waitid, ...@@ -1723,16 +1721,15 @@ COMPAT_SYSCALL_DEFINE5(waitid,
if (err > 0) { if (err > 0) {
signo = SIGCHLD; signo = SIGCHLD;
err = 0; err = 0;
} if (uru) {
/* kernel_waitid() overwrites everything in ru */
if (!err && uru) { if (COMPAT_USE_64BIT_TIME)
/* kernel_waitid() overwrites everything in ru */ err = copy_to_user(uru, &ru, sizeof(ru));
if (COMPAT_USE_64BIT_TIME) else
err = copy_to_user(uru, &ru, sizeof(ru)); err = put_compat_rusage(&ru, uru);
else if (err)
err = put_compat_rusage(&ru, uru); return -EFAULT;
if (err) }
return -EFAULT;
} }
if (!infop) if (!infop)
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment