From 95758d35542bf3f2afb9b34f2d5c02f500d3afef Mon Sep 17 00:00:00 2001
From: itojun
Date: Thu, 14 Aug 2003 05:14:52 +0000
Subject: [PATCH] avoid oldlenp mixup (in-kernel pointer and userland pointer). from atatat
---
 sys/kern/kern_sysctl.c | 14 ++++++--------
 1 file changed, 6 insertions(+), 8 deletions(-)
diff --git a/sys/kern/kern_sysctl.c b/sys/kern/kern_sysctl.c
index 43c12d1c38a2..13e1b1692150 100644
--- a/sys/kern/kern_sysctl.c
+++ b/sys/kern/kern_sysctl.c
@@ -1,4 +1,4 @@
-/* $NetBSD: kern_sysctl.c,v 1.140 2003/08/07 16:31:50 agc Exp $ */
+/* $NetBSD: kern_sysctl.c,v 1.141 2003/08/14 05:14:52 itojun Exp $ */
 /*-
 * Copyright (c) 1982, 1986, 1989, 1993
@@ -39,7 +39,7 @@
 */
 #include
-__KERNEL_RCSID(0, "$NetBSD: kern_sysctl.c,v 1.140 2003/08/07 16:31:50 agc Exp $");
+__KERNEL_RCSID(0, "$NetBSD: kern_sysctl.c,v 1.141 2003/08/14 05:14:52 itojun Exp $");
 #include "opt_ddb.h"
 #include "opt_insecure.h"
@@ -157,7 +157,6 @@ sys___sysctl(struct lwp *l, void *v, register_t *retval)
 size_t savelen = 0, oldlen = 0;
 sysctlfn *fn;
 int name[CTL_MAXNAME];
- size_t *oldlenp;
 /*
 * all top-level sysctl names are non-terminal
@@ -222,11 +221,10 @@ sys___sysctl(struct lwp *l, void *v, register_t *retval)
 * XXX Hey, we wire `old', but what about `new'?
 */
- oldlenp = SCARG(uap, oldlenp);
- if (oldlenp) {
- if ((error = copyin(oldlenp, &oldlen, sizeof(oldlen))))
+ if (SCARG(uap, oldlenp)) {
+ if ((error = copyin(SCARG(uap, oldlenp), &oldlen,
+ sizeof(oldlen))))
 return (error);
- oldlenp = &oldlen;
 }
 if (SCARG(uap, old) != NULL) {
 error = lockmgr(&sysctl_memlock, LK_EXCLUSIVE, NULL);
@@ -240,7 +238,7 @@ sys___sysctl(struct lwp *l, void *v, register_t *retval)
 savelen = oldlen;
 }
 error = (*fn)(name + 1, SCARG(uap, namelen) - 1, SCARG(uap, old),
- oldlenp, SCARG(uap, new), SCARG(uap, newlen), p);
+ &oldlen, SCARG(uap, new), SCARG(uap, newlen), p);
 if (SCARG(uap, old) != NULL) {
 uvm_vsunlock(p, SCARG(uap, old), savelen);
 (void) lockmgr(&sysctl_memlock, LK_RELEASE, NULL);
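Review bot: Nothing in the new `if (SCARG(uap, oldlenp))` block of the `-222,11 +221,10` hunk records that `SCARG(uap, oldlenp)` is a userland address and `oldlen` its in-kernel copy, which is the distinction this commit restores. A comment above the `if` would keep the two from being conflated again, for example `/* oldlenp is a user address: touch it only via copyin/copyout; handlers get &oldlen */`. The value copied in is caller-controlled and, judging by the `savelen = oldlen` and `uvm_vsunlock(p, SCARG(uap, old), savelen)` lines in the next hunk, appears to size the wiring of `old`; any bound on it is not visible in these hunks and is worth confirming. sys___sysctl starts and ends outside the hunk.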
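Review bot: In the `-240,7 +238,7` hunk the handler reached through `fn` now always receives `&oldlen`, so a caller that passed a NULL `oldlenp` can no longer be told apart from one that passed a length of 0 (`oldlen` is initialised to 0 in the declarations). Handlers that test `oldlenp == NULL` are not visible here, but they would change behaviour, and with `old` non-NULL and `oldlenp` NULL the handler is handed a user buffer of zero length. If NULL must stay observable, pass `SCARG(uap, oldlenp) ? &oldlen : NULL` instead of `&oldlen`; otherwise state the new contract in a comment above the call. The function body starts and ends outside this hunk.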