Russell King wrote:
>
> Looking through i2c-dev.c, I noticed the following code, which appears
> to be wrong:
[...]
> 2. copy_to_user may fault, and if this is the case, the user will
> never know (the user will not see the EFAULT error code returned).
>
> There are more instances of point 2, including some with copy_from_user.
I have checked them all out (including a similar case within i2c-core.c),
and applied fixes in our master archive. They will be propagated to
the kernel tree in at most a few days (also depending on Alan Cox' speed,
of course). In the meantime, desperate people can use our CVS
archive (anon@penn.netroedge.com:/home/cvs, directory i2c, password anonymous)
Thanks for your help,
Frodo
PS Things are not as bad as you might think; at several places, we
call verify_area instead of checking the return code of
copy_{to,from}_user. As far as I know, this should also guard
against possible faults.
-- Frodo Looijaard <frodol@dds.nl> PGP key and more: http://huizen.dds.nl/~frodol Defenestration n. (formal or joc.): The act of removing Windows from your computer in disgust, usually followed by the installation of Linux or some other Unix-like operating system.- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.rutgers.edu Please read the FAQ at http://www.tux.org/lkml/
This archive was generated by hypermail 2b29 : Mon Jan 31 2000 - 21:00:13 EST