Merge tag 'master-2014-10-30' of git://git.kernel.org/pub/scm/linux/kernel/git/linvil...

[cascardo/linux.git] / fs / binfmt_misc.c

diff --git a/fs/binfmt_misc.c b/fs/binfmt_misc.c
index b605003..fd8beb9 100644 (file)
--- a/fs/binfmt_misc.c
+++ b/fs/binfmt_misc.c
@@ -62,7 +62,22 @@ static struct file_system_type bm_fs_type;
 static struct vfsmount *bm_mnt;
 static int entry_count;
 
-/* 
+/*
+ * Max length of the register string.  Determined by:
+ *  - 7 delimiters
+ *  - name:   ~50 bytes
+ *  - type:   1 byte
+ *  - offset: 3 bytes (has to be smaller than BINPRM_BUF_SIZE)
+ *  - magic:  128 bytes (512 in escaped form)
+ *  - mask:   128 bytes (512 in escaped form)
+ *  - interp: ~50 bytes
+ *  - flags:  5 bytes
+ * Round that up a bit, and then back off to hold the internal data
+ * (like struct Node).
+ */
+#define MAX_REGISTER_LENGTH 1920
+
+/*
  * Check if we support the binfmt
  * if we do, return the node, else NULL
  * locking is done in load_misc_binary
@@ -279,7 +294,7 @@ static Node *create_entry(const char __user *buffer, size_t count)
 
        /* some sanity checks */
        err = -EINVAL;
-       if ((count < 11) || (count > 256))
+       if ((count < 11) || (count > MAX_REGISTER_LENGTH))
                goto out;
 
        err = -ENOMEM;
@@ -396,12 +411,12 @@ static int parse_command(const char __user *buffer, size_t count)
 {
        char s[4];
 
-       if (!count)
-               return 0;
        if (count > 3)
                return -EINVAL;
        if (copy_from_user(s, buffer, count))
                return -EFAULT;
+       if (!count)
+               return 0;
        if (s[count-1] == '\n')
                count--;
        if (count == 1 && s[0] == '0')