aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorAl Viro2016-02-27 18:17:33 -0600
committerGreg Kroah-Hartman2016-03-03 17:06:53 -0600
commit478ee5e09bbd59e219cc6d281c84e9495f006ab8 (patch)
treedf2a29562aa39a98cde6b969ba0a9a81069c38b2
parentcda49c04f6cdccca0f2db13f740e707d592ef114 (diff)
downloadkernel-video-478ee5e09bbd59e219cc6d281c84e9495f006ab8.tar.gz
kernel-video-478ee5e09bbd59e219cc6d281c84e9495f006ab8.tar.xz
kernel-video-478ee5e09bbd59e219cc6d281c84e9495f006ab8.zip
do_last(): don't let a bogus return value from ->open() et.al. to confuse us
commit c80567c82ae4814a41287618e315a60ecf513be6 upstream. ... into returning a positive to path_openat(), which would interpret that as "symlink had been encountered" and proceed to corrupt memory, etc. It can only happen due to a bug in some ->open() instance or in some LSM hook, etc., so we report any such event *and* make sure it doesn't trick us into further unpleasantness. Signed-off-by: Al Viro <viro@zeniv.linux.org.uk> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
-rw-r--r--fs/namei.c4
1 files changed, 4 insertions, 0 deletions
diff --git a/fs/namei.c b/fs/namei.c
index f4f6460b695..c24781f07cf 100644
--- a/fs/namei.c
+++ b/fs/namei.c
@@ -3085,6 +3085,10 @@ opened:
3085 goto exit_fput; 3085 goto exit_fput;
3086 } 3086 }
3087out: 3087out:
3088 if (unlikely(error > 0)) {
3089 WARN_ON(1);
3090 error = -EINVAL;
3091 }
3088 if (got_write) 3092 if (got_write)
3089 mnt_drop_write(nd->path.mnt); 3093 mnt_drop_write(nd->path.mnt);
3090 path_put(&save_parent); 3094 path_put(&save_parent);