Re: [PATCH] check copy_from_user return value in sony535

From: Felipe W Damasio
Date: Mon Oct 06 2003 - 11:03:54 EST


Hi Alexey,

Alexey Dobriyan wrote:
> Feel free to nuke verify_area() right before 'return err;' ;-)

Right :)

> Moving copy_from_user() before spin_up_drive() then also seems the right thing to do.

Oh, ok.

Jens, please apply this patch instead.

Thanks Alexey,

Felipe

--- linux-2.6.0-test6/drivers/cdrom/sonycd535.c.orig 2003-10-06 10:46:56.000000000 -0300
+++ linux-2.6.0-test6/drivers/cdrom/sonycd535.c 2003-10-06 13:03:13.000000000 -0300
@@ -1153,12 +1153,10 @@
break;

case CDROMPLAYMSF: /* Play starting at the given MSF address. */
- err = verify_area(VERIFY_READ, (char *)arg, 6);
- if (err)
- return err;
+ if (copy_from_user(params, (void *)arg, 6))
+ return -EFAULT;
spin_up_drive(status);
set_drive_mode(SONY535_AUDIO_DRIVE_MODE, status);
- copy_from_user(params, (void *)arg, 6);

/* The parameters are given in int, must be converted */
for (i = 0; i < 3; i++) {
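
Review bot: In the CDROMPLAYMSF case, the added copy_from_user(params, (void *)arg, 6) keeps the bare length 6 carried over from the removed verify_area() call, and the declaration of params is not visible in this hunk. Please confirm that params is at least 6 bytes and consider expressing the length with a named constant or sizeof, so that the copy size and the buffer size cannot drift apart. Checking the return value and returning -EFAULT before spin_up_drive() and set_drive_mode() looks right, since a bad user pointer now fails before the drive state is changed.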