From 11a7ac23a2d7464a74ceb7b97dbae4d5a0208576 Mon Sep 17 00:00:00 2001 From: Jim Meyering Date: Fri, 8 Feb 2008 04:22:09 -0800 Subject: uml: improved error handling while locating temp dir * arch/um/os-Linux/mem.c (make_tempfile): Don't deref NULL upon failed malloc. * arch/um/os-Linux/mem.c (make_tempfile): Handle NULL tempdir. Don't let a long tempdir (e.g., via TMPDIR) provoke heap corruption. [ jdike - formatting cleanups, deleted obsolete comment ] Signed-off-by: Jim Meyering Signed-off-by: Jeff Dike Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds --- arch/um/os-Linux/mem.c | 15 ++++++--------- 1 file changed, 6 insertions(+), 9 deletions(-) (limited to 'arch/um') diff --git a/arch/um/os-Linux/mem.c b/arch/um/os-Linux/mem.c index 38742c21def5..93a11d7edfa0 100644 --- a/arch/um/os-Linux/mem.c +++ b/arch/um/os-Linux/mem.c @@ -162,11 +162,6 @@ found: goto out; } -/* - * This proc still used in tt-mode - * (file: kernel/tt/ptproxy/proxy.c, proc: start_debugger). - * So it isn't 'static' yet. - */ static int __init make_tempfile(const char *template, char **out_tempname, int do_unlink) { @@ -175,10 +170,13 @@ static int __init make_tempfile(const char *template, char **out_tempname, which_tmpdir(); tempname = malloc(MAXPATHLEN); - if (!tempname) - goto out; + if (tempname == NULL) + return -1; find_tempdir(); + if ((tempdir == NULL) || (strlen(tempdir) >= MAXPATHLEN)) + return -1; + if (template[0] != '/') strcpy(tempname, tempdir); else @@ -196,9 +194,8 @@ static int __init make_tempfile(const char *template, char **out_tempname, } if (out_tempname) { *out_tempname = tempname; - } else { + } else free(tempname); - } return fd; out: free(tempname); -- cgit v1.2.3