diff options
author | Eric W. Biederman <ebiederm@xmission.com> | 2009-11-12 01:39:06 -0800 |
---|---|---|
committer | Eric W. Biederman <ebiederm@xmission.com> | 2009-11-12 01:42:31 -0800 |
commit | 757010f026ab3044c594003e216d00a33ed95c56 (patch) | |
tree | 4e9d44c52c34c09b5a347688af20840be7a1c61a | |
parent | 63395b65972c07edce595c9cc8a983016738cdac (diff) |
sysctl binary: Reorder the tests to process wild card entries first.
A malicious user could have passed in a ctl_name of 0 and triggered
the well know ctl_name to procname mapping code, instead of the wild
card matching code. This is a slight problem as wild card entries don't
have procnames, and because in some alternate universe a network device
might have ifindex 0. So test for and handle wild card entries first.
Signed-off-by: Eric W. Biederman <ebiederm@xmission.com>
-rw-r--r-- | kernel/sysctl_binary.c | 15 |
1 files changed, 7 insertions, 8 deletions
diff --git a/kernel/sysctl_binary.c b/kernel/sysctl_binary.c index 0cf60400542..b75dbf40f57 100644 --- a/kernel/sysctl_binary.c +++ b/kernel/sysctl_binary.c @@ -1269,17 +1269,12 @@ repeat: for ( ; table->convert; table++) { int len = 0; - /* Use the well known sysctl number to proc name mapping */ - if (ctl_name == table->ctl_name) { - len = strlen(table->procname); - memcpy(path, table->procname, len); - } -#ifdef CONFIG_NET /* * For a wild card entry map from ifindex to network * device name. */ - else if (!table->ctl_name) { + if (!table->ctl_name) { +#ifdef CONFIG_NET struct net *net = current->nsproxy->net_ns; struct net_device *dev; dev = dev_get_by_index(net, ctl_name); @@ -1288,8 +1283,12 @@ repeat: memcpy(path, dev->name, len); dev_put(dev); } - } #endif + /* Use the well known sysctl number to proc name mapping */ + } else if (ctl_name == table->ctl_name) { + len = strlen(table->procname); + memcpy(path, table->procname, len); + } if (len) { path += len; if (table->child) { |