This patch adds CAP_SYS_ADMIN checks to the potentially dangerous ioctls FLASH_Erase and FLASH_Burn
in the Cobalt LCD interface driver.
Signed-off-by: James Nelson <[email protected]>
diff -purN --exclude='*~' linux-2.4.29-original/drivers/char/lcd.c linux-2.4.29/drivers/char/lcd.c
--- linux-2.4.29-original/drivers/char/lcd.c 2005-01-27 18:46:42.085690494 -0500
+++ linux-2.4.29/drivers/char/lcd.c 2005-01-27 18:54:00.902766505 -0500
@@ -386,6 +386,8 @@ static int lcd_ioctl(struct inode *inode
int ctr=0;
+ if (!capable(CAP_SYS_ADMIN)) return -EPERM;
+
// Chip Erase Sequence
WRITE_FLASH( kFlash_Addr1, kFlash_Data1 );
WRITE_FLASH( kFlash_Addr2, kFlash_Data2 );
@@ -422,6 +424,8 @@ static int lcd_ioctl(struct inode *inode
struct lcd_display display;
+ if (!capable(CAP_SYS_ADMIN)) return -EPERM;
+
if(copy_from_user(&display, (struct lcd_display*)arg, sizeof(struct lcd_display)))
return -EFAULT;
rom = (unsigned char *) kmalloc((128),GFP_ATOMIC);
This patch fixes a memory leak in the FLASH_Burn ioctl for the Cobalt LCD interface driver.
Signed-off-by: James Nelson <[email protected]>
diff -purN --exclude='*~' linux-2.4.29-original/drivers/char/lcd.c linux-2.4.29/drivers/char/lcd.c
--- linux-2.4.29-original/drivers/char/lcd.c 2005-01-27 18:46:42.085690494 -0500
+++ linux-2.4.29/drivers/char/lcd.c 2005-01-27 18:49:38.011310971 -0500
@@ -434,8 +434,10 @@ static int lcd_ioctl(struct inode *inode
save_flags(flags);
for (i=0; i<FLASH_SIZE; i=i+128) {
- if(copy_from_user(rom, display.RomImage + i, 128))
+ if(copy_from_user(rom, display.RomImage + i, 128)) {
+ kfree(rom);
return -EFAULT;
+ }
burn_addr = kFlashBase + i;
cli();
for ( index = 0; index < ( 128 ) ; index++ )
Applied both, thanks James.
On Thu, Jan 27, 2005 at 06:25:09PM -0600, James Nelson wrote:
> This patch fixes a memory leak in the FLASH_Burn ioctl for the Cobalt LCD interface driver.
>
> Signed-off-by: James Nelson <[email protected]>