s = user_get_super(dev);
if (s == NULL)
goto out;
- err = vfs_statfs(s, &sbuf);
+ err = vfs_statfs(s->s_root, &sbuf);
drop_super(s);
if (err)
goto out;
int16_t f_pad;
};
-static int vfs_statfs_hpux(struct super_block *sb, struct hpux_statfs *buf)
+static int vfs_statfs_hpux(struct dentry *dentry, struct hpux_statfs *buf)
{
struct kstatfs st;
int retval;
- retval = vfs_statfs(sb, &st);
+ retval = vfs_statfs(dentry, &st);
if (retval)
return retval;
error = user_path_walk(path, &nd);
if (!error) {
struct hpux_statfs tmp;
- error = vfs_statfs_hpux(nd.dentry->d_inode->i_sb, &tmp);
+ error = vfs_statfs_hpux(nd.dentry, &tmp);
if (!error && copy_to_user(buf, &tmp, sizeof(tmp)))
error = -EFAULT;
path_release(&nd);
file = fget(fd);
if (!file)
goto out;
- error = vfs_statfs_hpux(file->f_dentry->d_inode->i_sb, &tmp);
+ error = vfs_statfs_hpux(file->f_dentry, &tmp);
if (!error && copy_to_user(buf, &tmp, sizeof(tmp)))
error = -EFAULT;
fput(file);
if ( opcode == 1 ) { /* GETFSIND */
len = strlen_user((char *)arg1);
printk(KERN_DEBUG "len of arg1 = %d\n", len);
-
- fsname = (char *) kmalloc(len+1, GFP_KERNEL);
+ if (len == 0)
+ return 0;
+ fsname = (char *) kmalloc(len, GFP_KERNEL);
if ( !fsname ) {
printk(KERN_DEBUG "failed to kmalloc fsname\n");
return 0;
}
- if ( copy_from_user(fsname, (char *)arg1, len+1) ) {
+ if ( copy_from_user(fsname, (char *)arg1, len) ) {
printk(KERN_DEBUG "failed to copy_from_user fsname\n");
kfree(fsname);
return 0;
}
+ /* String could be altered by userspace after strlen_user() */
+ fsname[len] = '\0';
+
printk(KERN_DEBUG "that is '%s' as (char *)\n", fsname);
if ( !strcmp(fsname, "hfs") ) {
fstype = 0;