authorRoland McGrath <roland@redhat.com>2005-05-26 23:21:09 +0000
committerRoland McGrath <roland@redhat.com>2005-05-26 23:21:09 +0000
commit2cbe44e441726abf568fbc4ca3cb5ab157ae7684 (patch)
tree142cadba47eecb1e9f7177608895a81cea4557a0 /system.c
parent682291ec61d4b9e2397cd739679139e4c17fb0d2 (diff)
2005-05-26 Roland McGrath <roland@redhat.com>
* system.c (sys_sysctl): Check for errors accessing user pointers. Use malloc instead of alloca in case size is insane.
Diffstat (limited to 'system.c')
-rw-r--r--system.c20
1 files changed, 16 insertions, 4 deletions
diff --git a/system.c b/system.c
index 49e95b5..82c5499 100644
--- a/system.c
+++ b/system.c
@@ -1822,10 +1822,20 @@ struct tcb *tcp;
{
struct __sysctl_args info;
int *name;
- umove (tcp, tcp->u_arg[0], &info);
-
- name = alloca (sizeof (int) * info.nlen);
- umoven(tcp, (size_t) info.name, sizeof (int) * info.nlen, (char *) name);
+ if (umove (tcp, tcp->u_arg[0], &info) < 0)
+ return printargs(tcp);
+
+ name = malloc (sizeof (int) * info.nlen);
+ if (name == NULL ||
+ umoven(tcp, (unsigned long) info.name,
+ sizeof (int) * info.nlen, (char *) name) < 0) {
+ if (name != NULL)
+ free(name);
+ tprintf("{%p, %d, %p, %p, %p, %Zu}",
+ info.name, info.nlen, info.oldval, info.oldlenp,
+ info.newval, info.newlen);
+ return 0;
+ }
if (entering(tcp)) {
int cnt = 0;
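Review bot: The size `sizeof (int) * info.nlen` passed to malloc() and umoven() comes from `info.nlen`, an int copied out of the traced process, and is used without a range check; a negative count converts to a huge size_t and a large one can wrap the multiplication on 32-bit builds. The malloc failure branch catches the huge case, but after a wrap the buffer holds fewer than nlen elements, and the code that walks name[] lies outside this hunk, so it cannot be confirmed from here that it stays inside the allocation. Rejecting out-of-range counts before allocating would close this, for example `if (info.nlen <= 0 || info.nlen > CTL_MAXNAME)` routed to the same raw-struct tprintf used in the failure branch. That check also makes the nlen == 0 case deterministic, since malloc(0) may or may not return NULL.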
@@ -1950,6 +1960,8 @@ struct tcb *tcp;
}
tprintf("}");
}
+
+ free(name);
return 0;
}
#else