sysctl binary: Reorder the tests to process wild card entries first.

A malicious user could have passed in a ctl_name of 0 and triggered
the well know ctl_name to procname mapping code, instead of the wild
card matching code.  This is a slight problem as wild card entries don't
have procnames, and because in some alternate universe a network device
might have ifindex 0.  So test for and handle wild card entries first.

Signed-off-by: Eric W. Biederman <ebiederm@xmission.com>

kernel/sysctl_binary.c

@@ -1269,17 +1269,12 @@ static const struct bin_table *get_sysctl(const int *name, int nlen, char *path)
 	for ( ; table->convert; table++) {
 		int len = 0;
 
-		/* Use the well known sysctl number to proc name mapping */
-		if (ctl_name == table->ctl_name) {
-			len = strlen(table->procname);
-			memcpy(path, table->procname, len);
-		}
-#ifdef CONFIG_NET
 		/*
 		 * For a wild card entry map from ifindex to network
 		 * device name.
 		 */
-		else if (!table->ctl_name) {
+		if (!table->ctl_name) {
+#ifdef CONFIG_NET
 			struct net *net = current->nsproxy->net_ns;
 			struct net_device *dev;
 			dev = dev_get_by_index(net, ctl_name);
@@ -1288,8 +1283,12 @@ static const struct bin_table *get_sysctl(const int *name, int nlen, char *path)
 				memcpy(path, dev->name, len);
 				dev_put(dev);
 			}
-		}
 #endif
+		/* Use the well known sysctl number to proc name mapping */
+		} else if (ctl_name == table->ctl_name) {
+			len = strlen(table->procname);
+			memcpy(path, table->procname, len);
+		}
 		if (len) {
 			path += len;
 			if (table->child) {