[patch 4/5] net/ipv6/ip6_flowlabel.c: copy_to_user return code

[patch 4/5] net/ipv6/ip6_flowlabel.c: copy_to_user return code

[domen]

compile warning cleanup - handle copy_to/from_user error 
returns

Signed-off-by: Stephen Biggs <yrgrknmxpzlk@gawab.com>
Signed-off-by: Domen Puncer <domen@coderock.org>
---


 kj-domen/net/ipv6/ip6_flowlabel.c |   10 +++++++---
 1 files changed, 7 insertions(+), 3 deletions(-)

diff -puN net/ipv6/ip6_flowlabel.c~return_code-net_ipv6_ip6_flowlabel net/ipv6/ip6_flowlabel.c
--- kj/net/ipv6/ip6_flowlabel.c~return_code-net_ipv6_ip6_flowlabel	2005-03-05 16:13:10.000000000 +0100
+++ kj-domen/net/ipv6/ip6_flowlabel.c	2005-03-05 16:13:10.000000000 +0100
@@ -537,9 +537,13 @@ release:
 			goto done;
 
 		/* Do not check for fault */
-		if (!freq.flr_label)
-			copy_to_user(&((struct in6_flowlabel_req __user *) optval)->flr_label,
-				     &fl->label, sizeof(fl->label));
+		if (!freq.flr_label) {
+			if (copy_to_user(&((struct in6_flowlabel_req __user *)optval)->flr_label,
+				     &fl->label, sizeof(fl->label))) {
+				err = -EFAULT;
+				goto done;
+			}
+		}
 
 		sfl1->fl = fl;
 		sfl1->next = np->ipv6_fl_list;
_

Re: [patch 4/5] net/ipv6/ip6_flowlabel.c: copy_to_user return code

[YOSHIFUJI Hideaki / 吉藤英明]

In article <20050306222118.401D11ED3D@trashy.coderock.org> (at Sun, 06 Mar 2005 23:21:17 +0100), domen@coderock.org says:

> 
> compile warning cleanup - handle copy_to/from_user error 
> returns

Wrong. You introduce a leak.

>  		/* Do not check for fault */
> -		if (!freq.flr_label)
> -			copy_to_user(&((struct in6_flowlabel_req __user *) optval)->flr_label,
> -				     &fl->label, sizeof(fl->label));

Don't you see the comment: "Do not check for fault?"

--yoshfuji

Re: [patch 4/5] net/ipv6/ip6_flowlabel.c: copy_to_user return code

[YOSHIFUJI Hideaki / 吉藤英明]

In article <20050307.073213.32943613.yoshfuji@linux-ipv6.org> (at Mon, 07 Mar 2005 07:32:13 +0900 (JST)), YOSHIFUJI Hideaki / 吉藤英明 <yoshfuji@linux-ipv6.org> says:

> In article <20050306222118.401D11ED3D@trashy.coderock.org> (at Sun, 06 Mar 2005 23:21:17 +0100), domen@coderock.org says:
> 
> > 
> > compile warning cleanup - handle copy_to/from_user error 
> > returns
> 
> Wrong. You introduce a leak.

Ah, sorry, not really, but I still think it is wrong:
fl_intern() insert it to hash, and
then you freed up the memory.
I believe this is wrong.

--yoshfuji

Re: [patch 4/5] net/ipv6/ip6_flowlabel.c: copy_to_user return code

[Stephen Biggs]

Mr. Hideaki,

Thank you very much (domo arigato gozaimasu) for your feedback.  Please 
see below for my comments.

On 7 Mar 2005 at 7:38, B wrote:

> In article <20050307.073213.32943613.yoshfuji@linux-ipv6.org> (at Mon, 07 Mar 2005 07:32:13 +0900 (JST)), YOSHIFUJI Hideaki /  $B5HF#1QL@ (B <yoshfuji@linux-ipv6.org> says:
> 
> > In article <20050306222118.401D11ED3D@trashy.coderock.org> (at Sun, 06 Mar 2005 23:21:17 +0100), domen@coderock.org says:
> > 
> > > 
> > > compile warning cleanup - handle copy_to/from_user error 
> > > returns
> > 
> > Wrong. You introduce a leak.
> 
> Ah, sorry, not really,

Actually, you are correct.  This is one of my first attempts at a patch 
submittal and this is one of a few patches where I did not check for side 
effects.  I will try very much not to make that same mistake again.

> but I still think it is wrong:
> fl_intern() insert it to hash, and
> then you freed up the memory.
> I believe this is wrong.

Yes, you are completely correct, and thank you for catching this.

I will submit a more correct patch shortly.

> 
> --yoshfuji
>