On Tue, Dec 13, 2011 at 07:27:32PM -0500, Kevin McKinney wrote: > This ioctl, IOCTL_BCM_GET_DRIVER_VERSION, is > responsible for sending the driver version > to userspace. However, the requested size stored > in IoBuffer.OutputLength may be incorrect. > Therefore, we altered the code to send the > exact length of the version, plus one for the > null character. > > Signed-off-by: Kevin McKinney <klmckinney1@xxxxxxxxx> > --- > drivers/staging/bcm/Bcmchar.c | 2 +- > 1 files changed, 1 insertions(+), 1 deletions(-) > > diff --git a/drivers/staging/bcm/Bcmchar.c b/drivers/staging/bcm/Bcmchar.c > index c4d7a61..96945bb 100644 > --- a/drivers/staging/bcm/Bcmchar.c > +++ b/drivers/staging/bcm/Bcmchar.c > @@ -1003,7 +1003,7 @@ cntrlEnd: > if (copy_from_user(&IoBuffer, argp, sizeof(IOCTL_BUFFER))) > return -EFAULT; > > - if (copy_to_user(IoBuffer.OutputBuffer, VER_FILEVERSION_STR, IoBuffer.OutputLength)) > + if (copy_to_user(IoBuffer.OutputBuffer, VER_FILEVERSION_STR, strlen(VER_FILEVERSION_STR)+1)) You should still take into consideration what the user passed as IoBuffer.OutputLength. Something like: len = min_t(ulong, IoBuffer.OutputLength, strlen(VER_FILEVERSION_STR) + 1); if (copy_to_user(IoBuffer.OutputBuffer, VER_FILEVERSION_STR, len); regards, dan carpenter
Attachment:
signature.asc
Description: Digital signature
_______________________________________________ devel mailing list devel@xxxxxxxxxxxxxxxxxxxxxx http://driverdev.linuxdriverproject.org/mailman/listinfo/devel
