sysctl binary: Reorder the tests to process wild card entries first.

A malicious user could have passed in a ctl_name of 0 and triggered
the well know ctl_name to procname mapping code, instead of the wild
card matching code.  This is a slight problem as wild card entries don't
have procnames, and because in some alternate universe a network device
might have ifindex 0.  So test for and handle wild card entries first.

Signed-off-by: Eric W. Biederman <ebiederm@xmission.com>
This commit is contained in:
Eric W. Biederman 2009-11-12 01:39:06 -08:00
parent 63395b6597
commit 757010f026

View File

@ -1269,17 +1269,12 @@ static const struct bin_table *get_sysctl(const int *name, int nlen, char *path)
for ( ; table->convert; table++) {
int len = 0;
/* Use the well known sysctl number to proc name mapping */
if (ctl_name == table->ctl_name) {
len = strlen(table->procname);
memcpy(path, table->procname, len);
}
#ifdef CONFIG_NET
/*
* For a wild card entry map from ifindex to network
* device name.
*/
else if (!table->ctl_name) {
if (!table->ctl_name) {
#ifdef CONFIG_NET
struct net *net = current->nsproxy->net_ns;
struct net_device *dev;
dev = dev_get_by_index(net, ctl_name);
@ -1288,8 +1283,12 @@ static const struct bin_table *get_sysctl(const int *name, int nlen, char *path)
memcpy(path, dev->name, len);
dev_put(dev);
}
}
#endif
/* Use the well known sysctl number to proc name mapping */
} else if (ctl_name == table->ctl_name) {
len = strlen(table->procname);
memcpy(path, table->procname, len);
}
if (len) {
path += len;
if (table->child) {