Hi Kevin,
Thanks for your work on this. Your patch looks good. I hestitate to
ask this given that you've redone this patch several times already...
But...
On Sat, Nov 05, 2011 at 01:52:43PM -0400, Kevin McKinney wrote:
> @@ -318,11 +322,15 @@ static long bcm_char_ioctl(struct file *filp, UINT cmd, ULONG arg)
> }
>
> uiTempVar = sRdmBuffer.Register & EEPROM_REJECT_MASK;
> - Status = rdmaltWithLock(Adapter, (UINT)sRdmBuffer.Register, (PUINT)temp_buff, IoBuffer.OutputLength);
> + bytes = rdmaltWithLock(Adapter, (UINT)sRdmBuffer.Register, (PUINT)temp_buff, IoBuffer.OutputLength);
>
> - if (Status == STATUS_SUCCESS)
> + if (bytes > 0) {
> + Status = STATUS_SUCCESS;
> if (copy_to_user(IoBuffer.OutputBuffer, temp_buff, IoBuffer.OutputLength))
^^^^^^^^^^^^^^^^^^^^^
This looks like another info leak the same as the one in
IOCTL_BCM_REGISTER_READ_PRIVATE. Could you change
"IoBuffer.OutputLength" to "bytes" here?
> Status = -EFAULT;
> + } else {
> + Status = bytes;
> + }
When you've made that change can you resend with a:
Reviewed-by: Dan Carpenter <dan.carpenter@xxxxxxxxxx>
regards,
dan carpenter
Attachment:
signature.asc
Description: Digital signature
_______________________________________________ devel mailing list devel@xxxxxxxxxxxxxxxxxxxxxx http://driverdev.linuxdriverproject.org/mailman/listinfo/devel
