The main problem with the hand rolled code was that there weren't any
range checks so you could corrupt memory by writing too much data to
the proc file.
Signed-off-by: Dan Carpenter <dan.carpenter@xxxxxxxxxx>
Signed-off-by: Daniel Cotey <puff65537@xxxxxxxxxxxxxxxxxxx>
---
drivers/staging/silicom/bp_mod.c | 32 ++++++++++----------------------
1 file changed, 10 insertions(+), 22 deletions(-)
diff --git a/drivers/staging/silicom/bp_mod.c b/drivers/staging/silicom/bp_mod.c
index 1b3f5e7..f138d29 100644
--- a/drivers/staging/silicom/bp_mod.c
+++ b/drivers/staging/silicom/bp_mod.c
@@ -8071,20 +8071,13 @@ int
set_bypass_wd_pfs(struct file *file, const char *buffer,
unsigned long count, void *data)
{
-
- char kbuf[256];
bpctl_dev_t *pbp_device_block = (bpctl_dev_t *) data;
+ int timeout;
+ int ret;
- unsigned int timeout = 0;
- char *timeout_ptr = kbuf;
-
- if (copy_from_user(&kbuf, buffer, count)) {
- return -1;
- }
-
- timeout_ptr = kbuf;
- timeout = atoi(&timeout_ptr);
-
+ ret = kstrtoint_from_user(buffer, count, 10, &timeout);
+ if (ret)
+ return ret;
set_bypass_wd_fn(pbp_device_block, timeout);
return count;
@@ -8712,18 +8705,13 @@ int
set_wd_autoreset_pfs(struct file *file, const char *buffer,
unsigned long count, void *data)
{
- char kbuf[256];
bpctl_dev_t *pbp_device_block = (bpctl_dev_t *) data;
- u32 timeout = 0;
- char *timeout_ptr = kbuf;
-
- if (copy_from_user(&kbuf, buffer, count)) {
- return -1;
- }
-
- timeout_ptr = kbuf;
- timeout = atoi(&timeout_ptr);
+ int timeout;
+ int ret;
+ ret = kstrtoint_from_user(buffer, count, 10, &timeout);
+ if (ret)
+ return ret;
set_wd_autoreset_fn(pbp_device_block, timeout);
return count;
--
1.7.11.4
_______________________________________________
devel mailing list
devel@xxxxxxxxxxxxxxxxxxxxxx
http://driverdev.linuxdriverproject.org/mailman/listinfo/devel
