2003-09-22 14:49:03

by Felipe W Damasio

[permalink] [raw]
Subject: [PATCH 2.4] Using possibly corrupted structure in atm/he.c

--- linux-2.4.23-pre5/drivers/atm/he.c.orig 2003-09-22 11:41:20.000000000 -0300
+++ linux-2.4.23-pre5/drivers/atm/he.c 2003-09-22 11:44:50.000000000 -0300
@@ -2866,8 +2866,10 @@
if (!capable(CAP_NET_ADMIN))
return -EPERM;

- copy_from_user(&reg, (struct he_ioctl_reg *) arg,
- sizeof(struct he_ioctl_reg));
+ if (copy_from_user(&reg, (struct he_ioctl_reg *) arg,
+ sizeof(struct he_ioctl_reg)))
+ return -EFAULT;
+
spin_lock_irqsave(&he_dev->global_lock, flags);
switch (reg.type) {
case HE_REGTYPE_PCI:
@@ -2891,8 +2893,9 @@
}
spin_unlock_irqrestore(&he_dev->global_lock, flags);
if (err == 0)
- copy_to_user((struct he_ioctl_reg *) arg, &reg,
- sizeof(struct he_ioctl_reg));
+ if (copy_to_user((struct he_ioctl_reg *) arg, &reg,
+ sizeof(struct he_ioctl_reg)))
+ return -EFAULT;
break;
default:
#ifdef CONFIG_ATM_HE_USE_SUNI

Attachments:
atm_he-copy.patch (913.00 B)