]> Git Repo - J-linux.git/commitdiff
projects / J-linux.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: e67572c)
firewire: nosy: ensure user_length is taken into account when fetching packet contents
authorThanassis Avgerinos <[email protected]>
Wed, 17 Apr 2024 15:30:02 +0000 (11:30 -0400)
committerTakashi Sakamoto <[email protected]>
Mon, 29 Apr 2024 09:35:55 +0000 (18:35 +0900)
Ensure that packet_buffer_get respects the user_length provided. If
the length of the head packet exceeds the user_length, packet_buffer_get
will now return 0 to signify to the user that no data were read
and a larger buffer size is required. Helps prevent user space overflows.

Signed-off-by: Thanassis Avgerinos <[email protected]>
Signed-off-by: Takashi Sakamoto <[email protected]>
drivers/firewire/nosy.c patch | blob | blame | history

diff --git a/drivers/firewire/nosy.c b/drivers/firewire/nosy.c
index b0d671db178a85b6ab98de29f05b994db99a8697..ea31ac7ac1ca931a569af239dbaa2052448e8df5 100644 (file)
--- a/drivers/firewire/nosy.c
+++ b/drivers/firewire/nosy.c
@@ -148,10 +148,12 @@ packet_buffer_get(struct client *client, char __user *data, size_t user_length)
        if (atomic_read(&buffer->size) == 0)
                return -ENODEV;
 
-       /* FIXME: Check length <= user_length. */
+       length = buffer->head->length;
+
+       if (length > user_length)
+               return 0;
 
        end = buffer->data + buffer->capacity;
-       length = buffer->head->length;
 
        if (&buffer->head->data[length] < end) {
                if (copy_to_user(data, buffer->head->data, length))
Empty description
This page took 0.050756 seconds and 4 git commands to generate.