sysctl binary: Reorder the tests to process wild card entries first.

ebiederm · ebiederm · commit 757010f026ab · 2009-11-12T01:42:31.000-08:00
A malicious user could have passed in a ctl_name of 0 and triggered
the well know ctl_name to procname mapping code, instead of the wild
card matching code.  This is a slight problem as wild card entries don't
have procnames, and because in some alternate universe a network device
might have ifindex 0.  So test for and handle wild card entries first.

Signed-off-by: Eric W. Biederman &lt;ebiederm@xmission.com&gt;
diff --git a/kernel/sysctl_binary.c b/kernel/sysctl_binary.c
@@ -1269,17 +1269,12 @@ static const struct bin_table *get_sysctl(const int *name, int nlen, char *path)
 	for ( ; table->convert; table++) {
 		int len = 0;
 
-		/* Use the well known sysctl number to proc name mapping */
-		if (ctl_name == table->ctl_name) {
-			len = strlen(table->procname);
-			memcpy(path, table->procname, len);
-		}
-#ifdef CONFIG_NET
 		/*
 		 * For a wild card entry map from ifindex to network
 		 * device name.
 		 */
-		else if (!table->ctl_name) {
+		if (!table->ctl_name) {
+#ifdef CONFIG_NET
 			struct net *net = current->nsproxy->net_ns;
 			struct net_device *dev;
 			dev = dev_get_by_index(net, ctl_name);
@@ -1288,8 +1283,12 @@ static const struct bin_table *get_sysctl(const int *name, int nlen, char *path)
 				memcpy(path, dev->name, len);
 				dev_put(dev);
 			}
-		}
 #endif
+		/* Use the well known sysctl number to proc name mapping */
+		} else if (ctl_name == table->ctl_name) {
+			len = strlen(table->procname);
+			memcpy(path, table->procname, len);
+		}
 		if (len) {
 			path += len;
 			if (table->child) {
