On Tue, Dec 13, 2011 at 07:27:32PM -0500, Kevin McKinney wrote: > This ioctl, IOCTL_BCM_GET_DRIVER_VERSION, is > responsible for sending the driver version > to userspace. However, the requested size stored > in IoBuffer.OutputLength may be incorrect. > Therefore, we altered the code to send the > exact length of the version, plus one for the > null character. > > Signed-off-by: Kevin McKinney <[email protected]> > --- > drivers/staging/bcm/Bcmchar.c | 2 +- > 1 files changed, 1 insertions(+), 1 deletions(-) > > diff --git a/drivers/staging/bcm/Bcmchar.c b/drivers/staging/bcm/Bcmchar.c > index c4d7a61..96945bb 100644 > --- a/drivers/staging/bcm/Bcmchar.c > +++ b/drivers/staging/bcm/Bcmchar.c > @@ -1003,7 +1003,7 @@ cntrlEnd: > if (copy_from_user(&IoBuffer, argp, sizeof(IOCTL_BUFFER))) > return -EFAULT; > > - if (copy_to_user(IoBuffer.OutputBuffer, VER_FILEVERSION_STR, > IoBuffer.OutputLength)) > + if (copy_to_user(IoBuffer.OutputBuffer, VER_FILEVERSION_STR, > strlen(VER_FILEVERSION_STR)+1))
You should still take into consideration what the user passed as
IoBuffer.OutputLength. Something like:
len = min_t(ulong, IoBuffer.OutputLength, strlen(VER_FILEVERSION_STR) +
1);
if (copy_to_user(IoBuffer.OutputBuffer, VER_FILEVERSION_STR, len);
regards,
dan carpenter
signature.asc
Description: Digital signature
_______________________________________________ devel mailing list [email protected] http://driverdev.linuxdriverproject.org/mailman/listinfo/devel
