[patch] copy_to_user return value checks in drivers/isdn/hisax/config.c
From: Jesper Juhl
Date: Thu Jan 06 2005 - 21:36:49 EST
Hi,
Here's a proposed patch for drivers/isdn/hisax/config.c to make sure the
return value from copy_to_user gets checked and acted upon properly.
I don't have hardware to test this, so please review carefully before
applying - I think it does the right thing, but I can't really test to
know for sure.
Pplease keep me on CC as I'm not subscribed to the isdn4linux list.
Signed-off-by: Jesper Juhl <juhl-lkml@xxxxxx>
diff -up linux-2.6.10-bk9-orig/drivers/isdn/hisax/config.c linux-2.6.10-bk9/drivers/isdn/hisax/config.c
--- linux-2.6.10-bk9-orig/drivers/isdn/hisax/config.c 2004-12-24 22:35:25.000000000 +0100
+++ linux-2.6.10-bk9/drivers/isdn/hisax/config.c 2005-01-06 23:49:19.000000000 +0100
@@ -625,6 +625,7 @@ int HiSax_readstatus(u_char __user *buf,
struct IsdnCardState *cs = hisax_findcard(id);
if (cs) {
+ int residue;
if (len > HISAX_STATUS_BUFSIZE) {
printk(KERN_WARNING
"HiSax: status overflow readstat %d/%d\n",
@@ -633,7 +634,8 @@ int HiSax_readstatus(u_char __user *buf,
count = cs->status_end - cs->status_read + 1;
if (count >= len)
count = len;
- copy_to_user(p, cs->status_read, count);
+ if (copy_to_user(p, cs->status_read, count))
+ return -EFAULT;
cs->status_read += count;
if (cs->status_read > cs->status_end)
cs->status_read = cs->status_buf;
@@ -644,9 +646,12 @@ int HiSax_readstatus(u_char __user *buf,
cnt = HISAX_STATUS_BUFSIZE;
else
cnt = count;
- copy_to_user(p, cs->status_read, cnt);
+ if ((residue = copy_to_user(p, cs->status_read, cnt)) != 0)
+ cnt -= residue;
p += cnt;
cs->status_read += cnt % HISAX_STATUS_BUFSIZE;
+ if (residue)
+ return -EFAULT;
count -= cnt;
}
return len;
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/