Hi Dan, On Wed, Dec 14, 2011 at 1:06 AM, Dan Carpenter <dan.carpenter@xxxxxxxxxx> wrote: > On Tue, Dec 13, 2011 at 07:27:32PM -0500, Kevin McKinney wrote: >> This ioctl, IOCTL_BCM_GET_DRIVER_VERSION, is >> responsible for sending the driver version >> to userspace. However, the requested size stored >> in IoBuffer.OutputLength may be incorrect. >> Therefore, we altered the code to send the >> exact length of the version, plus one for the >> null character. >> >> Signed-off-by: Kevin McKinney <klmckinney1@xxxxxxxxx> >> --- >> drivers/staging/bcm/Bcmchar.c | 2 +- >> 1 files changed, 1 insertions(+), 1 deletions(-) >> >> diff --git a/drivers/staging/bcm/Bcmchar.c b/drivers/staging/bcm/Bcmchar.c >> index c4d7a61..96945bb 100644 >> --- a/drivers/staging/bcm/Bcmchar.c >> +++ b/drivers/staging/bcm/Bcmchar.c >> @@ -1003,7 +1003,7 @@ cntrlEnd: >> if (copy_from_user(&IoBuffer, argp, sizeof(IOCTL_BUFFER))) >> return -EFAULT; >> >> - if (copy_to_user(IoBuffer.OutputBuffer, VER_FILEVERSION_STR, IoBuffer.OutputLength)) >> + if (copy_to_user(IoBuffer.OutputBuffer, VER_FILEVERSION_STR, strlen(VER_FILEVERSION_STR)+1)) > > You should still take into consideration what the user passed as > IoBuffer.OutputLength. Something like: > > len = min_t(ulong, IoBuffer.OutputLength, strlen(VER_FILEVERSION_STR) + 1); > if (copy_to_user(IoBuffer.OutputBuffer, VER_FILEVERSION_STR, len); > Good point. I will resubmit this patch. Thanks, Kevin _______________________________________________ devel mailing list devel@xxxxxxxxxxxxxxxxxxxxxx http://driverdev.linuxdriverproject.org/mailman/listinfo/devel
