Re: [PATCH] Using possibly corrupted structure in atm/he.c

From: chas williams
Date: Mon Sep 22 2003 - 09:43:54 EST


In message <3F6D2832.8040609@xxxxxxxxxxxx>,Felipe W Damasio writes:
> If copy_from_user returns != 0, it means the the regs structure wasn't
>filled correctly, and since its fields are used to determine which ioctl
>the user is requesting the kernel could oops.
>
> And as long as we're covering the subject, the patch also audits
>copy_to_user on the same function to check a possible failure to copy
>the result back to userspace.

indeed these are broken as written. i will get this sent up the chain.
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/