avoid oldlenp mixup (in-kernel pointer and userland pointer). from atatat

2003-08-14 05:14:52 +00:00 · 2003-08-14 05:14:52 +00:00 · 95758d3554
parent 329946a58b
commit 95758d3554
1 changed files with 6 additions and 8 deletions
--- a/sys/kern/kern_sysctl.c
+++ b/sys/kern/kern_sysctl.c
@ -1,4 +1,4 @@
-/*	$NetBSD: kern_sysctl.c,v 1.140 2003/08/07 16:31:50 agc Exp $	*/
+/*	$NetBSD: kern_sysctl.c,v 1.141 2003/08/14 05:14:52 itojun Exp $	*/

 /*-
 * Copyright (c) 1982, 1986, 1989, 1993
@ -39,7 +39,7 @@
 */

 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: kern_sysctl.c,v 1.140 2003/08/07 16:31:50 agc Exp $");
+__KERNEL_RCSID(0, "$NetBSD: kern_sysctl.c,v 1.141 2003/08/14 05:14:52 itojun Exp $");

 #include "opt_ddb.h"
 #include "opt_insecure.h"
@ -157,7 +157,6 @@ sys___sysctl(struct lwp *l, void *v, register_t *retval)
 	size_t savelen = 0, oldlen = 0;
 	sysctlfn *fn;
 	int name[CTL_MAXNAME];
-	size_t *oldlenp;

 	/*
 	 * all top-level sysctl names are non-terminal
@ -222,11 +221,10 @@ sys___sysctl(struct lwp *l, void *v, register_t *retval)
 	 * XXX Hey, we wire `old', but what about `new'?
 	 */

-	oldlenp = SCARG(uap, oldlenp);
-	if (oldlenp) {
-		if ((error = copyin(oldlenp, &oldlen, sizeof(oldlen))))
+	if (SCARG(uap, oldlenp)) {
+		if ((error = copyin(SCARG(uap, oldlenp), &oldlen,
+		    sizeof(oldlen))))
 			return (error);
-		oldlenp = &oldlen;
 	}
 	if (SCARG(uap, old) != NULL) {
 		error = lockmgr(&sysctl_memlock, LK_EXCLUSIVE, NULL);
@ -240,7 +238,7 @@ sys___sysctl(struct lwp *l, void *v, register_t *retval)
 		savelen = oldlen;
 	}
 	error = (*fn)(name + 1, SCARG(uap, namelen) - 1, SCARG(uap, old),
-	    oldlenp, SCARG(uap, new), SCARG(uap, newlen), p);
+	    &oldlen, SCARG(uap, new), SCARG(uap, newlen), p);
 	if (SCARG(uap, old) != NULL) {
 		uvm_vsunlock(p, SCARG(uap, old), savelen);
 		(void) lockmgr(&sysctl_memlock, LK_RELEASE, NULL);