2019-06-27 09:51:39

by Florian Weimer

[permalink] [raw]
Subject: [PATCH] fs: Fix internal type confusion in getdents system calls

The callback functions use a signed int type, but the callers have
only verified the value as an unsigned type. This should be only
a cosmetic change because if the value wraps around, this error
check catches it:

if (reclen > buf->count)
return -EINVAL;

But it should be clearer to prevent the wrap-around.

Signed-off-by: Florian Weimer <[email protected]>
---
fs/readdir.c | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/fs/readdir.c b/fs/readdir.c
index 2f6a4534e0df..d344061e387e 100644
--- a/fs/readdir.c
+++ b/fs/readdir.c
@@ -159,7 +159,7 @@ struct getdents_callback {
struct dir_context ctx;
struct linux_dirent __user * current_dir;
struct linux_dirent __user * previous;
- int count;
+ unsigned int count;
int error;
};

@@ -246,7 +246,7 @@ struct getdents_callback64 {
struct dir_context ctx;
struct linux_dirent64 __user * current_dir;
struct linux_dirent64 __user * previous;
- int count;
+ unsigned int count;
int error;
};

@@ -413,7 +413,7 @@ struct compat_getdents_callback {
struct dir_context ctx;
struct compat_linux_dirent __user *current_dir;
struct compat_linux_dirent __user *previous;
- int count;
+ unsigned int count;
int error;
};

--
2.21.0