unfuck binfmt_misc.c (broken by commit e6084d4)

scanarg(s, del) never returns s; the empty field results in s + 1. Restore the correct checks, and move NUL-termination into scanarg(), while we are at it. Incidentally, mixing "coding style cleanups" (for small values of cleanup) with functional changes is a Bad Idea(tm)... Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
author: Al Viro <viro@zeniv.linux.org.uk> 2014-12-17 05:29:16 -0500
committer: Al Viro <viro@zeniv.linux.org.uk> 2014-12-17 08:27:14 -0500
commit: 7d65cf10e3d7747033b83fa18c5f3d2a498f66bc (patch)
tree: e10e627d7292ff6b802cb0cee6abacaedb70b103 /fs
parent: 50062175ffc844b8ff9664024c6416a37ad63c77 (diff)
download: linux-7d65cf10e3d7747033b83fa18c5f3d2a498f66bc.tar.gz
1 files changed, 3 insertions, 4 deletions
diff --git a/fs/binfmt_misc.c b/fs/binfmt_misc.c
index c04ef1d4f18a..97aff2879cda 100644
--- a/fs/binfmt_misc.c
+++ b/fs/binfmt_misc.c
@@ -254,6 +254,7 @@ static char *scanarg(char *s, char del)
 				return NULL;
 		}
 	}
+	s[-1] ='\0';
 	return s;
 }
 
@@ -378,8 +379,7 @@ static Node *create_entry(const char __user *buffer, size_t count)
 		p = scanarg(p, del);
 		if (!p)
 			goto einval;
-		p[-1] = '\0';
-		if (p == e->magic)
+		if (!e->magic[0])
 			goto einval;
 		if (USE_DEBUG)
 			print_hex_dump_bytes(
@@ -391,8 +391,7 @@ static Node *create_entry(const char __user *buffer, size_t count)
 		p = scanarg(p, del);
 		if (!p)
 			goto einval;
-		p[-1] = '\0';
-		if (p == e->mask) {
+		if (!e->mask[0]) {
 			e->mask = NULL;
 			pr_debug("register:  mask[raw]: none\n");
 		} else if (USE_DEBUG)
author	Al Viro <viro@zeniv.linux.org.uk>	2014-12-17 05:29:16 -0500
committer	Al Viro <viro@zeniv.linux.org.uk>	2014-12-17 08:27:14 -0500
commit	7d65cf10e3d7747033b83fa18c5f3d2a498f66bc (patch)
tree	e10e627d7292ff6b802cb0cee6abacaedb70b103 /fs
parent	50062175ffc844b8ff9664024c6416a37ad63c77 (diff)
download	linux-7d65cf10e3d7747033b83fa18c5f3d2a498f66bc.tar.gz