unfuck binfmt_misc.c (broken by commit e6084d4)
authorAl Viro <viro@zeniv.linux.org.uk>
Wed, 17 Dec 2014 10:29:16 +0000 (05:29 -0500)
committerAl Viro <viro@zeniv.linux.org.uk>
Wed, 17 Dec 2014 13:27:14 +0000 (08:27 -0500)
scanarg(s, del) never returns s; the empty field results in s + 1.
Restore the correct checks, and move NUL-termination into scanarg(),
while we are at it.

Incidentally, mixing "coding style cleanups" (for small values of cleanup)
with functional changes is a Bad Idea(tm)...

Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
fs/binfmt_misc.c

index c04ef1d4f18a573726f83d7f5a1401f06ec9652b..97aff2879cda3c1f9295d6e480a4e737e48e3df2 100644 (file)
@@ -254,6 +254,7 @@ static char *scanarg(char *s, char del)
                                return NULL;
                }
        }
+       s[-1] ='\0';
        return s;
 }
 
@@ -378,8 +379,7 @@ static Node *create_entry(const char __user *buffer, size_t count)
                p = scanarg(p, del);
                if (!p)
                        goto einval;
-               p[-1] = '\0';
-               if (p == e->magic)
+               if (!e->magic[0])
                        goto einval;
                if (USE_DEBUG)
                        print_hex_dump_bytes(
@@ -391,8 +391,7 @@ static Node *create_entry(const char __user *buffer, size_t count)
                p = scanarg(p, del);
                if (!p)
                        goto einval;
-               p[-1] = '\0';
-               if (p == e->mask) {
+               if (!e->mask[0]) {
                        e->mask = NULL;
                        pr_debug("register:  mask[raw]: none\n");
                } else if (USE_DEBUG)