On Wed, Nov 17, 2010 at 08:20:15AM +0300, Dan Carpenter wrote: > This makes several changes but they're in one function and sort of > related: > > "buf" was leaked on error. The leak if we try to read an invalid > length is the main concern because it could be triggered over and > over. > > If the copy_to_user() failed, then the original code returned the > number of bytes remaining. read() is supposed to be the opposite way, > where we return the number of bytes copied. I changed it to just return > -EFAULT on errors. > > Also I changed the debug output from "-EFAULT" to just "<fail>" because > it isn't -EFAULT necessarily. And since we go though that path if the > length is invalid now, there was another debug print that I removed. > > Signed-off-by: Dan Carpenter <error27@xxxxxxxxx> Looks good, thanks much. Reviewed-by: Jarod Wilson <jarod@xxxxxxxxxx> Acked-by: Jarod Wilson <jarod@xxxxxxxxxx> -- Jarod Wilson jarod@xxxxxxxxxx -- To unsubscribe from this list: send the line "unsubscribe kernel-janitors" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html