fs/coredump: prevent fsuid=0 dumps into user-controlled directories

[pandora-kernel.git] / kernel / sysctl_binary.c

diff --git a/kernel/sysctl_binary.c b/kernel/sysctl_binary.c
index e8bffbe..cd2ea02 100644 (file)
--- a/kernel/sysctl_binary.c
+++ b/kernel/sysctl_binary.c
@@ -214,7 +214,7 @@ static const struct bin_table bin_net_ipv4_route_table[] = {
        { CTL_INT,      NET_IPV4_ROUTE_GC_MIN_INTERVAL,         "gc_min_interval" },
        { CTL_INT,      NET_IPV4_ROUTE_GC_MIN_INTERVAL_MS,      "gc_min_interval_ms" },
        { CTL_INT,      NET_IPV4_ROUTE_GC_TIMEOUT,              "gc_timeout" },
-       { CTL_INT,      NET_IPV4_ROUTE_GC_INTERVAL,             "gc_interval" },
+       /* NET_IPV4_ROUTE_GC_INTERVAL "gc_interval" no longer used */
        { CTL_INT,      NET_IPV4_ROUTE_REDIRECT_LOAD,           "redirect_load" },
        { CTL_INT,      NET_IPV4_ROUTE_REDIRECT_NUMBER,         "redirect_number" },
        { CTL_INT,      NET_IPV4_ROUTE_REDIRECT_SILENCE,        "redirect_silence" },
@@ -1194,9 +1194,10 @@ static ssize_t bin_dn_node_address(struct file *file,
 
                /* Convert the decnet address to binary */
                result = -EIO;
-               nodep = strchr(buf, '.') + 1;
+               nodep = strchr(buf, '.');
                if (!nodep)
                        goto out;
+               ++nodep;
 
                area = simple_strtoul(buf, NULL, 10);
                node = simple_strtoul(nodep, NULL, 10);
@@ -1345,7 +1346,7 @@ static ssize_t binary_sysctl(const int *name, int nlen,
        }
 
        mnt = current->nsproxy->pid_ns->proc_mnt;
-       file = file_open_root(mnt->mnt_root, mnt, pathname, flags);
+       file = file_open_root(mnt->mnt_root, mnt, pathname, flags, 0);
        result = PTR_ERR(file);
        if (IS_ERR(file))
                goto out_putname;
@@ -1354,7 +1355,7 @@ static ssize_t binary_sysctl(const int *name, int nlen,
 
        fput(file);
 out_putname:
-       putname(pathname);
+       __putname(pathname);
 out:
        return result;
 }