Tim Wright pointed out a solution to the bug discovered by Jean-Marie
Sulmont, but I think at the beginning of the drivers/char/n_tty.c/read_chan()
function there is already code that deals with NULL buffers passed. Besides,
isn't NULL a NULL whether it's a kernel pointer or a user space pointer?
Therefore, perhaps there is no need to mess with put_user() as Tim suggested
but detect it early as in this patch:
--- n_tty.c Fri Oct 16 17:57:32 1998
+++ n_tty.c.0 Fri Oct 16 17:48:08 1998
@@ -875,9 +875,9 @@
do_it_again:
- if (!tty->read_buf || !buf) {
+ if (!tty->read_buf) {
printk("n_tty_read_chan: called with read_buf == NULL?!?\n");
- return -EFAULT;
+ return -EIO;
}
/* Job control check -- must be done at start and after
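Review bot: the file headers look reversed: `--- n_tty.c` carries the later timestamp (17:57:32) and `+++ n_tty.c.0` the earlier one (17:48:08), so as posted the hunk removes the `|| !buf` test instead of adding it; regenerate the diff with the unmodified file first. With the direction corrected, the combined condition `!tty->read_buf || !buf` returns -EFAULT when tty->read_buf is missing and prints "called with read_buf == NULL" when only buf is NULL, so two different failures become indistinguishable. Suggest two separate checks: keep the printk and -EIO for `!tty->read_buf`, and return -EFAULT for `!buf` without the read_buf message. Note also that `!buf` only rejects a NULL pointer; any other invalid user address passes this test.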
Do you disagree that the above is acceptable as a solution?
Also, shouldn't it return EFAULT for a NULL buffer rather than EIO as it was
there before? Or, perhaps it should return EIO for the read_buf == NULL case
and handle buf == NULL separately, returning EFAULT?
regards,
------ -------- --------- -------- -- - -- ---- --
Tigran A. Aivazian | http://www.sco.com
Escalations Research Group | tel: +44-(0)1923-813796
Santa Cruz Operation Ltd | Email: tigran@sco.com