Added checking of values returned by copy_to/from_user
authorppisa <ppisa>
Thu, 3 Feb 2005 16:40:08 +0000 (16:40 +0000)
committerppisa <ppisa>
Thu, 3 Feb 2005 16:40:08 +0000 (16:40 +0000)
to fulfill 2.6.x kernel rules.

lincan/src/ioctl.c
lincan/src/read.c
lincan/src/write.c

index f6f8ff4..38d75a4 100644 (file)
@@ -78,7 +78,9 @@ int can_ioctl(struct inode *inode, struct file *file, unsigned int cmd, unsigned
                
                case CANQUE_FILTER: {
                        struct canfilt_t canfilt;
-                       copy_from_user(&canfilt, (void*)arg, sizeof(struct canfilt_t));
+                       int ret;
+                       ret = copy_from_user(&canfilt, (void*)arg, sizeof(struct canfilt_t));
+                       if(ret) return -EFAULT;
                        if(canuser->rx_edge0){
                                canque_set_filt(canuser->rx_edge0, canfilt.id, canfilt.mask, canfilt.flags);
                        }
@@ -89,10 +91,12 @@ int can_ioctl(struct inode *inode, struct file *file, unsigned int cmd, unsigned
                        int ret;
                        struct canmsg_t rtr_msg;
                        
-                       copy_from_user(&rtr_msg, (void*)arg, sizeof(struct canmsg_t));
+                       ret = copy_from_user(&rtr_msg, (void*)arg, sizeof(struct canmsg_t));
+                       if(ret) return -EFAULT;
                        ret = can_ioctl_remote_read(canuser, &rtr_msg, rtr_msg.id, 0);
                        if(ret<0) return ret;
-                       copy_to_user((void*)arg, &rtr_msg, sizeof(struct canmsg_t));
+                       ret = copy_to_user((void*)arg, &rtr_msg, sizeof(struct canmsg_t));
+                       if(ret) return -EFAULT;
                        break;
                }
 
@@ -110,7 +114,11 @@ int can_ioctl(struct inode *inode, struct file *file, unsigned int cmd, unsigned
                
                case CONF_BAUDPARAMS: {
                        struct can_baudparams_t params;
-                       copy_from_user(&params, (void*)arg, sizeof(struct can_baudparams_t));
+                       int ret;
+                       
+                       ret = copy_from_user(&params, (void*)arg, sizeof(struct can_baudparams_t));
+                       if(ret) return -EFAULT;
+
                        if(params.flags == -1) params.flags = 0;
                        if(params.baudrate == -1) params.baudrate = chip->baudrate;
                        if(params.sjw == -1) params.sjw = 0;
index c16c76b..a6f5305 100644 (file)
@@ -54,19 +54,21 @@ ssize_t can_read(struct file *file, char *buffer, size_t length, loff_t *offset)
                }
        }
        
-       copy_to_user(buffer, &slot->msg, sizeof(struct canmsg_t));
+       ret = copy_to_user(buffer, &slot->msg, sizeof(struct canmsg_t));
        canque_free_outslot(qends, qedge, slot);
        buffer += sizeof(struct canmsg_t);
        bytes_to_copy = length-sizeof(struct canmsg_t);
+       if(ret) return -EFAULT;
        
        while (bytes_to_copy > 0) {
                ret=canque_test_outslot(qends, &qedge, &slot);
                if(ret<0)
                        break;
-               copy_to_user(buffer, &slot->msg, sizeof(struct canmsg_t));
+               ret = copy_to_user(buffer, &slot->msg, sizeof(struct canmsg_t));
                canque_free_outslot(qends, qedge, slot);
                buffer += sizeof(struct canmsg_t);
                bytes_to_copy -= sizeof(struct canmsg_t);
+               if(ret) return -EFAULT;
        }
 
        return length-bytes_to_copy;
index dccade1..4b65a14 100644 (file)
@@ -20,7 +20,7 @@ ssize_t can_write(struct file *file, const char *buffer, size_t length, loff_t *
        struct canque_ends_t *qends;
        struct canque_edge_t *qedge;
        struct canque_slot_t *slot;
-       int ret = 0;
+       int ret;
        unsigned bytes_to_copy;
 
        if(!canuser || (canuser->magic != CAN_USER_MAGIC)){
@@ -53,7 +53,8 @@ ssize_t can_write(struct file *file, const char *buffer, size_t length, loff_t *
 
 
        /* Prepare first message */
-       copy_from_user(&msg_buff, buffer, sizeof(struct canmsg_t));
+       ret = copy_from_user(&msg_buff, buffer, sizeof(struct canmsg_t));
+       if(ret) return -EFAULT;
 
        /* Automatic selection of extended format if ID>2047 */
        if (msg_buff.id & ~0x7ffl & MSG_ID_MASK ) msg_buff.flags |= MSG_EXT;
@@ -91,7 +92,8 @@ ssize_t can_write(struct file *file, const char *buffer, size_t length, loff_t *
        while (bytes_to_copy >= sizeof(struct canmsg_t)) {
                bytes_to_copy -= sizeof(struct canmsg_t);
                /* Prepare first message */
-               copy_from_user(&msg_buff, buffer, sizeof(struct canmsg_t));
+               ret = copy_from_user(&msg_buff, buffer, sizeof(struct canmsg_t));
+               if(ret) return -EFAULT;
 
                /* Automatic selection of extended format if ID>2047 */
                if (msg_buff.id & ~0x7ffl & MSG_ID_MASK ) msg_buff.flags |= MSG_EXT;