Your patch to IOCTL_BCM_REGISTER_READ_PRIVATE fixed some real security problems, but there aren't any here in the original code that I can see. It's true that the usb_control_msg() can only handle a USHRT_MAX so if you passed in a value greater than that, you might get an unexpected return value. But that's the only problem I see here. If IoBuffer.OutputLength then it will pass zero bytes back to the user and report success. This is actually pretty common in the kernel... On the other hand, this patch make IOCTL_BCM_EEPROM_REGISTER_READ and IOCTL_BCM_REGISTER_READ_PRIVATE symetric and it does fix a return value bug. So it would probably be fine to merge it as a cleanup patch. Maybe you could resend it with a different changelog? regards, dan carpenter
Attachment:
signature.asc
Description: Digital signature
_______________________________________________ devel mailing list devel@xxxxxxxxxxxxxxxxxxxxxx http://driverdev.linuxdriverproject.org/mailman/listinfo/devel
