korg/linux
0
0
Fork 0
mirror of https://mirrors.bfsu.edu.cn/git/linux.git synced 2024-11-26 13:44:15 +08:00
Code Issues Packages Projects Releases Wiki Activity

sanitize do_i2c_smbus_ioctl()

Browse Source 
no need to mess with __copy_in_user()

Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
This commit is contained in:
Al Viro 2017-05-02 12:46:27 -04:00
parent 2ea659a9ef
commit 8d1a81a852
1 changed files with 9 additions and 10 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

19
fs/compat_ioctl.c
View File

@ -739,23 +739,22 @@ static int do_i2c_smbus_ioctl(struct file *file,
unsigned int cmd, struct i2c_smbus_ioctl_data32 __user *udata) unsigned int cmd, struct i2c_smbus_ioctl_data32 __user *udata)
{ {
struct i2c_smbus_ioctl_data __user *tdata; struct i2c_smbus_ioctl_data __user *tdata;
compat_caddr_t datap; union {
/* beginnings of those have identical layouts */
struct i2c_smbus_ioctl_data32 data32;
struct i2c_smbus_ioctl_data data;
} v;
tdata = compat_alloc_user_space(sizeof(*tdata)); tdata = compat_alloc_user_space(sizeof(*tdata));
if (tdata == NULL) if (tdata == NULL)
return -ENOMEM; return -ENOMEM;
if (!access_ok(VERIFY_WRITE, tdata, sizeof(*tdata)))
return -EFAULT;
if (!access_ok(VERIFY_READ, udata, sizeof(*udata))) memset(&v, 0, sizeof(v));
if (copy_from_user(&v.data32, udata, sizeof(v.data32)))
return -EFAULT; return -EFAULT;
v.data.data = compat_ptr(v.data32.data);
if (__copy_in_user(&tdata->read_write, &udata->read_write, 2 * sizeof(u8))) if (copy_to_user(tdata, &v.data, sizeof(v.data)))
return -EFAULT;
if (__copy_in_user(&tdata->size, &udata->size, 2 * sizeof(u32)))
return -EFAULT;
if (__get_user(datap, &udata->data) ||
__put_user(compat_ptr(datap), &tdata->data))
return -EFAULT; return -EFAULT;
return do_ioctl(file, cmd, (unsigned long)tdata); return do_ioctl(file, cmd, (unsigned long)tdata);