[PATCH] staging:iio:events: Make sure userspace buffer is large enough

All of lore.kernel.org
 help / color / mirror / Atom feed

* [PATCH] staging:iio:events: Make sure userspace buffer is large enough
@ 2011-10-24 11:52 Lars-Peter Clausen
  2011-10-24 11:55 ` Jonathan Cameron
  0 siblings, 1 reply; 4+ messages in thread
From: Lars-Peter Clausen @ 2011-10-24 11:52 UTC (permalink / raw)
  To: Jonathan Cameron
  Cc: Michael Hennerich, linux-iio, device-drivers-devel, drivers,
	Lars-Peter Clausen

Make sure that the userspace buffer is large enough to hold a iio_event_data
struct before writing to it.

Signed-off-by: Lars-Peter Clausen <lars@metafoo.de>
---
 drivers/staging/iio/industrialio-core.c |    6 ++++--
 1 files changed, 4 insertions(+), 2 deletions(-)

diff --git a/drivers/staging/iio/industrialio-core.c b/drivers/staging/iio/industrialio-core.c
index 74904f1..733e83a 100644
--- a/drivers/staging/iio/industrialio-core.c
+++ b/drivers/staging/iio/industrialio-core.c
@@ -169,8 +169,11 @@ static ssize_t iio_event_chrdev_read(struct file *filep,
 {
 	struct iio_event_interface *ev_int = filep->private_data;
 	struct iio_detected_event_list *el;
+	size_t len = sizeof(el->ev);
 	int ret;
-	size_t len;
+
+	if (count < len)
+		return -EINVAL;
 
 	mutex_lock(&ev_int->event_list_lock);
 	if (list_empty(&ev_int->det_events)) {
@@ -192,7 +195,6 @@ static ssize_t iio_event_chrdev_read(struct file *filep,
 	el = list_first_entry(&ev_int->det_events,
 			      struct iio_detected_event_list,
 			      list);
-	len = sizeof el->ev;
 	if (copy_to_user(buf, &(el->ev), len)) {
 		ret = -EFAULT;
 		goto error_mutex_unlock;
-- 
1.7.7

^ permalink raw reply related	[flat|nested] 4+ messages in thread

* Re: [PATCH] staging:iio:events: Make sure userspace buffer is large enough
  2011-10-24 11:52 [PATCH] staging:iio:events: Make sure userspace buffer is large enough Lars-Peter Clausen
@ 2011-10-24 11:55 ` Jonathan Cameron
  2011-10-24 11:59   ` Lars-Peter Clausen
  0 siblings, 1 reply; 4+ messages in thread
From: Jonathan Cameron @ 2011-10-24 11:55 UTC (permalink / raw)
  To: Lars-Peter Clausen
  Cc: Michael Hennerich, linux-iio, device-drivers-devel, drivers

On 10/24/11 12:52, Lars-Peter Clausen wrote:
> Make sure that the userspace buffer is large enough to hold a iio_event_data
> struct before writing to it.
> 
Good catch.  Shall I tack this on the end of the two fixes sets I sent earlier?
> Signed-off-by: Lars-Peter Clausen <lars@metafoo.de>
Acked-by: Jonathan Cameron <jic23@cam.ac.uk>
> ---
>  drivers/staging/iio/industrialio-core.c |    6 ++++--
>  1 files changed, 4 insertions(+), 2 deletions(-)
> 
> diff --git a/drivers/staging/iio/industrialio-core.c b/drivers/staging/iio/industrialio-core.c
> index 74904f1..733e83a 100644
> --- a/drivers/staging/iio/industrialio-core.c
> +++ b/drivers/staging/iio/industrialio-core.c
> @@ -169,8 +169,11 @@ static ssize_t iio_event_chrdev_read(struct file *filep,
>  {
>  	struct iio_event_interface *ev_int = filep->private_data;
>  	struct iio_detected_event_list *el;
> +	size_t len = sizeof(el->ev);
>  	int ret;
> -	size_t len;
> +
> +	if (count < len)
> +		return -EINVAL;
>  
>  	mutex_lock(&ev_int->event_list_lock);
>  	if (list_empty(&ev_int->det_events)) {
> @@ -192,7 +195,6 @@ static ssize_t iio_event_chrdev_read(struct file *filep,
>  	el = list_first_entry(&ev_int->det_events,
>  			      struct iio_detected_event_list,
>  			      list);
> -	len = sizeof el->ev;
>  	if (copy_to_user(buf, &(el->ev), len)) {
>  		ret = -EFAULT;
>  		goto error_mutex_unlock;


^ permalink raw reply	[flat|nested] 4+ messages in thread

* Re: [PATCH] staging:iio:events: Make sure userspace buffer is large enough
  2011-10-24 11:55 ` Jonathan Cameron
@ 2011-10-24 11:59   ` Lars-Peter Clausen
  2011-10-24 12:05     ` Jonathan Cameron
  0 siblings, 1 reply; 4+ messages in thread
From: Lars-Peter Clausen @ 2011-10-24 11:59 UTC (permalink / raw)
  To: Jonathan Cameron
  Cc: Michael Hennerich, linux-iio, device-drivers-devel, drivers

On 10/24/2011 01:55 PM, Jonathan Cameron wrote:
> On 10/24/11 12:52, Lars-Peter Clausen wrote:
>> Make sure that the userspace buffer is large enough to hold a iio_event_data
>> struct before writing to it.
>>
> Good catch.  Shall I tack this on the end of the two fixes sets I sent earlier?

Fine with me. Thanks.

>> Signed-off-by: Lars-Peter Clausen <lars@metafoo.de>
> Acked-by: Jonathan Cameron <jic23@cam.ac.uk>
>> ---
>>  drivers/staging/iio/industrialio-core.c |    6 ++++--
>>  1 files changed, 4 insertions(+), 2 deletions(-)
>>
>> diff --git a/drivers/staging/iio/industrialio-core.c b/drivers/staging/iio/industrialio-core.c
>> index 74904f1..733e83a 100644
>> --- a/drivers/staging/iio/industrialio-core.c
>> +++ b/drivers/staging/iio/industrialio-core.c
>> @@ -169,8 +169,11 @@ static ssize_t iio_event_chrdev_read(struct file *filep,
>>  {
>>  	struct iio_event_interface *ev_int = filep->private_data;
>>  	struct iio_detected_event_list *el;
>> +	size_t len = sizeof(el->ev);
>>  	int ret;
>> -	size_t len;
>> +
>> +	if (count < len)
>> +		return -EINVAL;
>>  
>>  	mutex_lock(&ev_int->event_list_lock);
>>  	if (list_empty(&ev_int->det_events)) {
>> @@ -192,7 +195,6 @@ static ssize_t iio_event_chrdev_read(struct file *filep,
>>  	el = list_first_entry(&ev_int->det_events,
>>  			      struct iio_detected_event_list,
>>  			      list);
>> -	len = sizeof el->ev;
>>  	if (copy_to_user(buf, &(el->ev), len)) {
>>  		ret = -EFAULT;
>>  		goto error_mutex_unlock;
> 
> --
> To unsubscribe from this list: send the line "unsubscribe linux-iio" in
> the body of a message to majordomo@vger.kernel.org
> More majordomo info at  http://vger.kernel.org/majordomo-info.html


^ permalink raw reply	[flat|nested] 4+ messages in thread

* Re: [PATCH] staging:iio:events: Make sure userspace buffer is large enough
  2011-10-24 11:59   ` Lars-Peter Clausen
@ 2011-10-24 12:05     ` Jonathan Cameron
  0 siblings, 0 replies; 4+ messages in thread
From: Jonathan Cameron @ 2011-10-24 12:05 UTC (permalink / raw)
  To: Lars-Peter Clausen
  Cc: Michael Hennerich, linux-iio, device-drivers-devel, drivers

On 10/24/11 12:59, Lars-Peter Clausen wrote:
> On 10/24/2011 01:55 PM, Jonathan Cameron wrote:
>> On 10/24/11 12:52, Lars-Peter Clausen wrote:
>>> Make sure that the userspace buffer is large enough to hold a iio_event_data
>>> struct before writing to it.
>>>
>> Good catch.  Shall I tack this on the end of the two fixes sets I sent earlier?
> 
> Fine with me. Thanks.
> 
Cool, both this and the iio_utils.h one are in the github master branch now
(I'll rebase the others in a sec).  I switched to Signed-off-by as they are
passing through my hands.  Thanks for these.

Jonathan.

^ permalink raw reply	[flat|nested] 4+ messages in thread

end of thread, other threads:[~2011-10-24 12:05 UTC | newest]

Thread overview: 4+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2011-10-24 11:52 [PATCH] staging:iio:events: Make sure userspace buffer is large enough Lars-Peter Clausen
2011-10-24 11:55 ` Jonathan Cameron
2011-10-24 11:59   ` Lars-Peter Clausen
2011-10-24 12:05     ` Jonathan Cameron

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.