autofs4 copy_dev_ioctl(): keep the value of ->size we'd used for allocation
authorAl Viro <viro@zeniv.linux.org.uk>
Sun, 22 Feb 2015 03:19:57 +0000 (22:19 -0500)
committerAl Viro <viro@zeniv.linux.org.uk>
Sun, 22 Feb 2015 16:43:34 +0000 (11:43 -0500)
X-Coverup: just ask spender
Cc: stable@vger.kernel.org
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
fs/autofs4/dev-ioctl.c

index aaf96cb25452cf04a5d7a47f2b506486e67cd502..ac7d921ed9844b0a0c6afd0e6d4eaf4ca718f955 100644 (file)
@@ -95,7 +95,7 @@ static int check_dev_ioctl_version(int cmd, struct autofs_dev_ioctl *param)
  */
 static struct autofs_dev_ioctl *copy_dev_ioctl(struct autofs_dev_ioctl __user *in)
 {
-       struct autofs_dev_ioctl tmp;
+       struct autofs_dev_ioctl tmp, *res;
 
        if (copy_from_user(&tmp, in, sizeof(tmp)))
                return ERR_PTR(-EFAULT);
@@ -106,7 +106,11 @@ static struct autofs_dev_ioctl *copy_dev_ioctl(struct autofs_dev_ioctl __user *i
        if (tmp.size > (PATH_MAX + sizeof(tmp)))
                return ERR_PTR(-ENAMETOOLONG);
 
-       return memdup_user(in, tmp.size);
+       res = memdup_user(in, tmp.size);
+       if (!IS_ERR(res))
+               res->size = tmp.size;
+
+       return res;
 }
 
 static inline void free_dev_ioctl(struct autofs_dev_ioctl *param)
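Review bot: The new `res->size = tmp.size;` after `memdup_user()` carries no comment, and without one it reads as a redundant store that a later cleanup could remove. memdup_user() copies the header from user memory a second time, so the size field in the returned buffer is not guaranteed to equal the value that passed the `PATH_MAX + sizeof(tmp)` check and sized the allocation. Code that later trusts `param->size` presumably relies on the two agreeing. I would add above the assignment: `/* memdup_user() re-read *in; keep the ->size we checked and allocated with */`. The lines between the two hunks are not shown, so if any other field of tmp is validated there, it would need the same pinning.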