[patch] isdn/kcapi: return -EFAULT on copy_from

netdev.vger.kernel.org archive mirror
 help / color / mirror / Atom feed

* [patch] isdn/kcapi: return -EFAULT on copy_from_user errors
@ 2010-06-03  9:56 Dan Carpenter
  2010-06-03 10:26 ` Jan Kiszka
  2010-06-03 10:29 ` David Miller
  0 siblings, 2 replies; 4+ messages in thread
From: Dan Carpenter @ 2010-06-03  9:56 UTC (permalink / raw)
  To: Karsten Keil
  Cc: David S. Miller, Jan Kiszka, Tilman Schmidt, netdev,
	kernel-janitors

copy_from_user() returns the number of bytes remaining but we should
return -EFAULT here.  The error code gets returned to the user.  Both 
old_capi_manufacturer() and capi20_manufacturer() had other places
that already returned -EFAULT so this won't break anything.

Signed-off-by: Dan Carpenter <error27@gmail.com>

diff --git a/drivers/isdn/capi/kcapi.c b/drivers/isdn/capi/kcapi.c
index bde3c88..b054494 100644
--- a/drivers/isdn/capi/kcapi.c
+++ b/drivers/isdn/capi/kcapi.c
@@ -1020,12 +1020,12 @@ static int old_capi_manufacturer(unsigned int cmd, void __user *data)
 		if (cmd == AVMB1_ADDCARD) {
 		   if ((retval = copy_from_user(&cdef, data,
 					    sizeof(avmb1_carddef))))
-			   return retval;
+			   return -EFAULT;
 		   cdef.cardtype = AVM_CARDTYPE_B1;
 		} else {
 		   if ((retval = copy_from_user(&cdef, data,
 					    sizeof(avmb1_extcarddef))))
-			   return retval;
+			   return -EFAULT;
 		}
 		cparams.port = cdef.port;
 		cparams.irq = cdef.irq;
@@ -1218,7 +1218,7 @@ int capi20_manufacturer(unsigned int cmd, void __user *data)
 		kcapi_carddef cdef;
 
 		if ((retval = copy_from_user(&cdef, data, sizeof(cdef))))
-			return retval;
+			return -EFAULT;
 
 		cparams.port = cdef.port;
 		cparams.irq = cdef.irq;

^ permalink raw reply related	[flat|nested] 4+ messages in thread

* Re: [patch] isdn/kcapi: return -EFAULT on copy_from_user errors
  2010-06-03  9:56 [patch] isdn/kcapi: return -EFAULT on copy_from_user errors Dan Carpenter
@ 2010-06-03 10:26 ` Jan Kiszka
  2010-06-03 10:29   ` David Miller
  2010-06-03 10:29 ` David Miller
  1 sibling, 1 reply; 4+ messages in thread
From: Jan Kiszka @ 2010-06-03 10:26 UTC (permalink / raw)
  To: Dan Carpenter
  Cc: Karsten Keil, David S. Miller, Tilman Schmidt, netdev,
	kernel-janitors

[-- Attachment #1: Type: text/plain, Size: 1473 bytes --]

Dan Carpenter wrote:
> copy_from_user() returns the number of bytes remaining but we should
> return -EFAULT here.  The error code gets returned to the user.  Both 
> old_capi_manufacturer() and capi20_manufacturer() had other places
> that already returned -EFAULT so this won't break anything.
> 

Good point.

> Signed-off-by: Dan Carpenter <error27@gmail.com>
> 
> diff --git a/drivers/isdn/capi/kcapi.c b/drivers/isdn/capi/kcapi.c
> index bde3c88..b054494 100644
> --- a/drivers/isdn/capi/kcapi.c
> +++ b/drivers/isdn/capi/kcapi.c
> @@ -1020,12 +1020,12 @@ static int old_capi_manufacturer(unsigned int cmd, void __user *data)
>  		if (cmd == AVMB1_ADDCARD) {
>  		   if ((retval = copy_from_user(&cdef, data,
>  					    sizeof(avmb1_carddef))))
> -			   return retval;
> +			   return -EFAULT;
>  		   cdef.cardtype = AVM_CARDTYPE_B1;
>  		} else {
>  		   if ((retval = copy_from_user(&cdef, data,
>  					    sizeof(avmb1_extcarddef))))
> -			   return retval;
> +			   return -EFAULT;
>  		}
>  		cparams.port = cdef.port;
>  		cparams.irq = cdef.irq;
> @@ -1218,7 +1218,7 @@ int capi20_manufacturer(unsigned int cmd, void __user *data)
>  		kcapi_carddef cdef;
>  
>  		if ((retval = copy_from_user(&cdef, data, sizeof(cdef))))
> -			return retval;
> +			return -EFAULT;
>  
>  		cparams.port = cdef.port;
>  		cparams.irq = cdef.irq;

No need to assign retval anymore, it is overwritten in all non-error cases.

Jan


[-- Attachment #2: OpenPGP digital signature --]
[-- Type: application/pgp-signature, Size: 257 bytes --]

^ permalink raw reply	[flat|nested] 4+ messages in thread

* Re: [patch] isdn/kcapi: return -EFAULT on copy_from_user errors
  2010-06-03 10:26 ` Jan Kiszka
@ 2010-06-03 10:29   ` David Miller
  0 siblings, 0 replies; 4+ messages in thread
From: David Miller @ 2010-06-03 10:29 UTC (permalink / raw)
  To: jan.kiszka; +Cc: error27, isdn, tilman, netdev, kernel-janitors

From: Jan Kiszka <jan.kiszka@web.de>
Date: Thu, 03 Jun 2010 12:26:42 +0200

> No need to assign retval anymore, it is overwritten in all non-error cases.

I'm still going to apply this fix as-is since it's easier to validate
and provably won't introduce new compiler warnings.

^ permalink raw reply	[flat|nested] 4+ messages in thread

* Re: [patch] isdn/kcapi: return -EFAULT on copy_from_user errors
  2010-06-03  9:56 [patch] isdn/kcapi: return -EFAULT on copy_from_user errors Dan Carpenter
  2010-06-03 10:26 ` Jan Kiszka
@ 2010-06-03 10:29 ` David Miller
  1 sibling, 0 replies; 4+ messages in thread
From: David Miller @ 2010-06-03 10:29 UTC (permalink / raw)
  To: error27; +Cc: isdn, jan.kiszka, tilman, netdev, kernel-janitors

From: Dan Carpenter <error27@gmail.com>
Date: Thu, 3 Jun 2010 11:56:13 +0200

> copy_from_user() returns the number of bytes remaining but we should
> return -EFAULT here.  The error code gets returned to the user.  Both 
> old_capi_manufacturer() and capi20_manufacturer() had other places
> that already returned -EFAULT so this won't break anything.
> 
> Signed-off-by: Dan Carpenter <error27@gmail.com>

Applied.

^ permalink raw reply	[flat|nested] 4+ messages in thread

end of thread, other threads:[~2010-06-03 10:29 UTC | newest]

Thread overview: 4+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2010-06-03  9:56 [patch] isdn/kcapi: return -EFAULT on copy_from_user errors Dan Carpenter
2010-06-03 10:26 ` Jan Kiszka
2010-06-03 10:29   ` David Miller
2010-06-03 10:29 ` David Miller

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).