lk/linux-kernel-test
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

firewire: check cdev response length

Browse Source 
Add a check that the data length in the SEND_RESPONSE ioctl is correct.
Incidentally, this also fixes the previously wrong response length of
software-handled lock requests.

Signed-off-by: Clemens Ladisch <clemens@ladisch.de>
Signed-off-by: Stefan Richter <stefanr@s5r6.in-berlin.de>
This commit is contained in:
Clemens Ladisch
2010-05-19 08:28:32 +02:00
committed by Stefan Richter
parent 262444eecc
commit a10c0ce760
3 changed files with 44 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

9
drivers/firewire/core-cdev.c
View File

@ -756,9 +756,12 @@ static int ioctl_send_response(struct client *client, union ioctl_arg *arg)
if (is_fcp_request(r->request))
goto out;
if (a->length < r->length)
r->length = a->length;
if (copy_from_user(r->data, u64_to_uptr(a->data), r->length)) {
if (a->length != fw_get_response_length(r->request)) {
ret = -EINVAL;
kfree(r->request);
goto out;
}
if (copy_from_user(r->data, u64_to_uptr(a->data), a->length)) {
ret = -EFAULT;
kfree(r->request);
goto out;