diff options
author | Linus Torvalds <torvalds@linux-foundation.org> | 2017-09-29 12:59:59 -0700 |
---|---|---|
committer | Linus Torvalds <torvalds@linux-foundation.org> | 2017-09-29 12:59:59 -0700 |
commit | 99637e4268ea27f6fa52c4b3717d3c0675e5c20c (patch) | |
tree | 783f65420a7438f0dcc78ffd9736e5fa0936b81c | |
parent | 5ba88cd6e9a658be0cdcaf4fc0438b7d63d32bf6 (diff) | |
parent | 6c85501f2fabcfc4fc6ed976543d252c4eaf4be9 (diff) | |
download | lwn-99637e4268ea27f6fa52c4b3717d3c0675e5c20c.tar.gz lwn-99637e4268ea27f6fa52c4b3717d3c0675e5c20c.zip |
Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs
Pull waitid fix from Al Viro:
"Fix infoleak in waitid()"
* 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs:
fix infoleak in waitid(2)
-rw-r--r-- | kernel/exit.c | 23 |
1 files changed, 10 insertions, 13 deletions
diff --git a/kernel/exit.c b/kernel/exit.c index 3481ababd06a..f2cd53e92147 100644 --- a/kernel/exit.c +++ b/kernel/exit.c @@ -1600,12 +1600,10 @@ SYSCALL_DEFINE5(waitid, int, which, pid_t, upid, struct siginfo __user *, struct waitid_info info = {.status = 0}; long err = kernel_waitid(which, upid, &info, options, ru ? &r : NULL); int signo = 0; + if (err > 0) { signo = SIGCHLD; err = 0; - } - - if (!err) { if (ru && copy_to_user(ru, &r, sizeof(struct rusage))) return -EFAULT; } @@ -1723,16 +1721,15 @@ COMPAT_SYSCALL_DEFINE5(waitid, if (err > 0) { signo = SIGCHLD; err = 0; - } - - if (!err && uru) { - /* kernel_waitid() overwrites everything in ru */ - if (COMPAT_USE_64BIT_TIME) - err = copy_to_user(uru, &ru, sizeof(ru)); - else - err = put_compat_rusage(&ru, uru); - if (err) - return -EFAULT; + if (uru) { + /* kernel_waitid() overwrites everything in ru */ + if (COMPAT_USE_64BIT_TIME) + err = copy_to_user(uru, &ru, sizeof(ru)); + else + err = put_compat_rusage(&ru, uru); + if (err) + return -EFAULT; + } } if (!infop) |