autofs4 copy_dev_ioctl(): keep the value of ->size we'd used for allocation

author Al Viro <viro@zeniv.linux.org.uk>

Sun, 22 Feb 2015 03:19:57 +0000 (22:19 -0500)

committer Ben Hutchings <ben@decadent.org.uk>

Sat, 9 May 2015 22:16:20 +0000 (23:16 +0100)
author Al Viro <viro@zeniv.linux.org.uk>
Sun, 22 Feb 2015 03:19:57 +0000 (22:19 -0500)
committer Ben Hutchings <ben@decadent.org.uk>
Sat, 9 May 2015 22:16:20 +0000 (23:16 +0100)
diff --git a/fs/autofs4/dev-ioctl.c b/fs/autofs4/dev-ioctl.c

index 868101c..62d7a6d 100644 (file)
--- a/fs/autofs4/dev-ioctl.c
+++ b/fs/autofs4/dev-ioctl.c
@@ -95,7 +95,7 @@ static int check_dev_ioctl_version(int cmd, struct autofs_dev_ioctl *param)
   */
  static struct autofs_dev_ioctl *copy_dev_ioctl(struct autofs_dev_ioctl __user *in)
  {
-       struct autofs_dev_ioctl tmp;
+       struct autofs_dev_ioctl tmp, *res;
  
         if (copy_from_user(&tmp, in, sizeof(tmp)))
                 return ERR_PTR(-EFAULT);
@@ -106,7 +106,11 @@ static struct autofs_dev_ioctl *copy_dev_ioctl(struct autofs_dev_ioctl __user *i
         if (tmp.size > (PATH_MAX + sizeof(tmp)))
                 return ERR_PTR(-ENAMETOOLONG);
  
-       return memdup_user(in, tmp.size);
+       res = memdup_user(in, tmp.size);
+       if (!IS_ERR(res))
+               res->size = tmp.size;
+
+       return res;
  }
  
  static inline void free_dev_ioctl(struct autofs_dev_ioctl *param)
author	Al Viro <viro@zeniv.linux.org.uk>
	Sun, 22 Feb 2015 03:19:57 +0000 (22:19 -0500)
committer	Ben Hutchings <ben@decadent.org.uk>
	Sat, 9 May 2015 22:16:20 +0000 (23:16 +0100)