Update of /usr/cvsroot/zaptel
In directory mongoose.digium.com:/tmp/cvs-serv9307

Modified Files:
        zaptel.c 
Log Message:
check results of copy_from/to_user (issue #5316)


Index: zaptel.c
===================================================================
RCS file: /usr/cvsroot/zaptel/zaptel.c,v
retrieving revision 1.120
retrieving revision 1.121
diff -u -d -r1.120 -r1.121
--- zaptel.c    29 Sep 2005 02:29:16 -0000      1.120
+++ zaptel.c    29 Sep 2005 03:03:33 -0000      1.121
@@ -1758,7 +1758,8 @@
                        }
                        chan->writen[chan->inwritebuf] = amnt >> 1;
                } else {
-                       copy_from_user(chan->writebuf[chan->inwritebuf], 
usrbuf, amnt);
+                       if (copy_from_user(chan->writebuf[chan->inwritebuf], 
usrbuf, amnt))
+                               return -EFAULT;
                        chan->writen[chan->inwritebuf] = amnt;
                }
                chan->writeidx[chan->inwritebuf] = 0;
@@ -2405,7 +2406,8 @@
        memset(samples, 0, sizeof(samples));
        /* XXX Unnecessary XXX */
        memset(next, 0, sizeof(next));
-       copy_from_user(&th, (struct zt_tone_def_header *)data, sizeof(th));
+       if (copy_from_user(&th, (struct zt_tone_def_header *)data, sizeof(th)))
+               return -EFAULT;
        if ((th.count < 0) || (th.count > MAX_TONES)) {
                printk("Too many tones included\n");
                return -EINVAL;
@@ -2436,7 +2438,7 @@
                }
                if (copy_from_user(&td, (struct zt_tone_def *)data, 
sizeof(struct zt_tone_def))) {
                        kfree(slab);
-                       return -EIO;
+                       return -EFAULT;
                }
                /* Index the current sample */
                samples[x] = t = (struct zt_tone *)ptr;
@@ -2758,7 +2760,8 @@
 
        switch(cmd) {
        case ZT_GET_PARAMS: /* get channel timing parameters */
-               copy_from_user(&stack.param,(struct zt_params 
*)data,sizeof(stack.param));
+               if (copy_from_user(&stack.param,(struct zt_params 
*)data,sizeof(stack.param)))
+                       return -EFAULT;
 
                /* check to see if the caller wants to receive our master 
channel number */
                if (stack.param.channo & ZT_GET_PARAMS_RETURN_MASTER) {
@@ -2830,10 +2833,12 @@
                        stack.param.curlaw = ZT_LAW_ALAW;
                else
                        stack.param.curlaw = ZT_LAW_MULAW;
-               copy_to_user((struct zt_params 
*)data,&stack.param,sizeof(stack.param));
+               if (copy_to_user((struct zt_params 
*)data,&stack.param,sizeof(stack.param)))
+                       return -EFAULT;
                break;
        case ZT_SET_PARAMS: /* set channel timing stack.paramters */
-               copy_from_user(&stack.param,(struct zt_params 
*)data,sizeof(stack.param));
+               if (copy_from_user(&stack.param,(struct zt_params 
*)data,sizeof(stack.param)))
+                       return -EFAULT;
                /* Pick the right channo's */
                if (!stack.param.channo || unit) {
                        stack.param.channo = unit;
@@ -2861,7 +2866,7 @@
                break;
        case ZT_GETGAINS:  /* get gain stuff */
                if (copy_from_user(&stack.gain,(struct zt_gains *) 
data,sizeof(stack.gain)))
-                       return -EIO;
+                       return -EFAULT;
                i = stack.gain.chan;  /* get channel no */
                   /* if zero, use current channel no */
                if (!i) i = unit;
@@ -2875,11 +2880,11 @@
                        stack.gain.rxgain[j] = chans[i]->rxgain[j];
                }
                if (copy_to_user((struct zt_gains *) 
data,&stack.gain,sizeof(stack.gain)))
-                       return -EIO;
+                       return -EFAULT;
                break;
        case ZT_SETGAINS:  /* set gain stuff */
                if (copy_from_user(&stack.gain,(struct zt_gains *) 
data,sizeof(stack.gain)))
-                       return -EIO;
+                       return -EFAULT;
                i = stack.gain.chan;  /* get channel no */
                   /* if zero, use current channel no */
                if (!i) i = unit;
@@ -2912,10 +2917,11 @@
                        chans[i]->gainalloc = 0;
                }
                if (copy_to_user((struct zt_gains *) 
data,&stack.gain,sizeof(stack.gain)))
-                       return -EIO;
+                       return -EFAULT;
                break;
        case ZT_SPANSTAT:
-               copy_from_user(&stack.span,(struct zt_spaninfo *) 
data,sizeof(stack.span));
+               if (copy_from_user(&stack.span,(struct zt_spaninfo *) 
data,sizeof(stack.span)))
+                       return -EFAULT;
                i = stack.span.spanno; /* get specified span number */
                if ((i < 0) || (i >= maxspans)) return(-EINVAL);  /* if bad 
span no */
                if (i == 0) /* if to figure it out for this chan */
@@ -2945,7 +2951,8 @@
                for (j=0; j < spans[i]->channels; j++)
                        if (spans[i]->chans[j].sig)
                                stack.span.numchans++;
-               copy_to_user((struct zt_spaninfo *) 
data,&stack.span,sizeof(stack.span));
+               if (copy_to_user((struct zt_spaninfo *) 
data,&stack.span,sizeof(stack.span)))
+                       return -EFAULT;
                break;
 #ifdef ALLOW_CHAN_DIAG
        case ZT_CHANDIAG:
@@ -3333,7 +3340,7 @@
                return 0;
        case ZT_SET_DIALPARAMS:
                if (copy_from_user(&tdp, (struct zt_dialparams *)data, 
sizeof(tdp)))
-                       return -EIO;
+                       return -EFAULT;
                if ((tdp.dtmf_tonelen > 4000) || (tdp.dtmf_tonelen < 10))
                        return -EINVAL;
                if ((tdp.mfv1_tonelen > 4000) || (tdp.mfv1_tonelen < 10))
@@ -3355,12 +3362,12 @@
                tdp.reserved[2] = 0;
                tdp.reserved[3] = 0;
                if (copy_to_user((struct zt_dialparams *)data, &tdp, 
sizeof(tdp)))
-                       return -EIO;
+                       return -EFAULT;
                break;
        case ZT_MAINT:  /* do maintence stuff */
                  /* get struct from user */
-               if (copy_from_user(&maint,(struct zt_maintinfo *) data,
-                       sizeof(maint))) return -EIO;
+               if (copy_from_user(&maint,(struct zt_maintinfo *) data, 
sizeof(maint)))
+                       return -EFAULT;
                /* must be valid span number */
                if ((maint.spanno < 1) || (maint.spanno > ZT_MAX_SPANS) || 
(!spans[maint.spanno]))
                        return -EINVAL;
@@ -3435,11 +3442,11 @@
                j = chan->dialing;
                spin_unlock_irqrestore(&chan->lock, flags);
                if (copy_to_user((int *)data,&j,sizeof(int)))
-                       return -EIO;
+                       return -EFAULT;
                return 0;
        case ZT_DIAL:
                if (copy_from_user(&stack.tdo, (struct zt_dialoperation *)data, 
sizeof(stack.tdo)))
-                       return -EIO;
+                       return -EFAULT;
                rv = 0;
                /* Force proper NULL termination */
                stack.tdo.dialstr[ZT_MAX_DTMF_BUF - 1] = '\0';
@@ -3484,11 +3491,11 @@
                stack.bi.readbufs = -1;
                stack.bi.writebufs = -1;
                if (copy_to_user((struct zt_bufferinfo *)data, &stack.bi, 
sizeof(stack.bi)))
-                       return -EIO;
+                       return -EFAULT;
                break;
        case ZT_SET_BUFINFO:
                if (copy_from_user(&stack.bi, (struct zt_bufferinfo *)data, 
sizeof(stack.bi)))
-                       return -EIO;
+                       return -EFAULT;
                if (stack.bi.bufsize > ZT_MAX_BLOCKSIZE)
                        return -EINVAL;
                if (stack.bi.bufsize < 16)
@@ -3667,7 +3674,8 @@
                spin_unlock_irqrestore(&chan->lock, flags);
                return rv;
        case ZT_GETCONF:  /* get conf stuff */
-               copy_from_user(&stack.conf,(struct zt_confinfo *) 
data,sizeof(stack.conf));
+               if (copy_from_user(&stack.conf,(struct zt_confinfo *) 
data,sizeof(stack.conf)))
+                       return -EFAULT;
                i = stack.conf.chan;  /* get channel no */
                   /* if zero, use current channel no */
                if (!i) i = chan->channo;
@@ -3677,10 +3685,12 @@
                stack.conf.chan = i;  /* get channel number */
                stack.conf.confno = chans[i]->confna;  /* get conference number 
*/
                stack.conf.confmode = chans[i]->confmode; /* get conference 
mode */
-               copy_to_user((struct zt_confinfo *) 
data,&stack.conf,sizeof(stack.conf));
+               if (copy_to_user((struct zt_confinfo *) 
data,&stack.conf,sizeof(stack.conf)))
+                       return -EFAULT;
                break;
        case ZT_SETCONF:  /* set conf stuff */
-               copy_from_user(&stack.conf,(struct zt_confinfo *) 
data,sizeof(stack.conf));
+               if (copy_from_user(&stack.conf,(struct zt_confinfo *) 
data,sizeof(stack.conf)))
+                       return -EFAULT;
                i = stack.conf.chan;  /* get channel no */
                   /* if zero, use current channel no */
                if (!i) i = chan->channo;
@@ -3739,11 +3749,13 @@
                }
                spin_unlock_irqrestore(&chan->lock, flags);
                spin_unlock_irqrestore(&bigzaplock, flagso);
-               copy_to_user((struct zt_confinfo *) 
data,&stack.conf,sizeof(stack.conf));
+               if (copy_to_user((struct zt_confinfo *) 
data,&stack.conf,sizeof(stack.conf)))
+                       return -EFAULT;
                break;
        case ZT_CONFLINK:  /* do conf link stuff */
                if (!(chan->flags & ZT_FLAG_AUDIO)) return (-EINVAL);
-               copy_from_user(&stack.conf,(struct zt_confinfo *) 
data,sizeof(stack.conf));
+               if (copy_from_user(&stack.conf,(struct zt_confinfo *) 
data,sizeof(stack.conf)))
+                       return -EFAULT;
                  /* check sanity of arguments */
                if ((stack.conf.chan < 0) || (stack.conf.chan > ZT_MAX_CONF)) 
return(-EINVAL);
                if ((stack.conf.confno < 0) || (stack.conf.confno > 
ZT_MAX_CONF)) return(-EINVAL);
@@ -3868,7 +3880,7 @@
                if (data) {
                        /* Use specific ring cadence */
                        if (copy_from_user(&stack.cad, (struct zt_ring_cadence 
*)data, sizeof(stack.cad)))
-                               return -EIO;
+                               return -EFAULT;
                        memcpy(chan->ringcadence, &stack.cad, 
sizeof(chan->ringcadence));
                        chan->firstcadencepos = 0;
                        /* Looking for negative ringing time indicating where 
to loop back into ringcadence */

_______________________________________________
Asterisk-Cvs mailing list
[email protected]
http://lists.digium.com/mailman/listinfo/asterisk-cvs

Reply via email to