[PATCH] mxser.c: check copy*user/put_user return and use capable

From: Arnaldo Carvalho de Melo (acme@conectiva.com.br)
Date: Thu Aug 24 2000 - 19:31:21 EST

Next message: Arnaldo Carvalho de Melo: "[RFC] question about hardware watchdogs"
Previous message: Michael Peddemors: "FWD: 2.4 kernel causing BIOS Ram check problems vs 2.2 (Good comments)"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Hi,

Please consider applying.

- Arnaldo

--- linux-2.4.0-test7/drivers/char/mxser.c Mon Jun 19 17:25:06 2000
+++ linux-2.4.0-test7.acme/drivers/char/mxser.c Thu Aug 24 21:25:34 2000
@@ -30,6 +30,11 @@
  * for : LINUX 2.0.X, 2.2.X
  * date : 1999/07/22
  * version : 1.1
+ *
+ * Changes:
+ * Arnaldo Carvalho de Melo <acme@conectiva.com.br> 08/25/2000
+ * - check copy_*_user/put_user return values
+ * - use capable instead of suser
  *
  */

@@ -897,7 +902,11 @@
                         break;

                 if (from_user) {
- copy_from_user(mxvar_tmp_buf, buf, c);
+ if (copy_from_user(mxvar_tmp_buf, buf, c)) {
+ restore_flags(flags);
+ up(&mxvar_tmp_buf_sem);
+ return 0;
+ }
                         c = MIN(c, MIN(SERIAL_XMIT_SIZE - info->xmit_cnt - 1,
                                     SERIAL_XMIT_SIZE - info->xmit_head));
                         memcpy(info->xmit_buf + info->xmit_head, mxvar_tmp_buf, c);
@@ -1668,7 +1677,7 @@
          */
         if (inb(info->base + UART_LSR) == 0xff) {
                 restore_flags(flags);
- if (suser()) {
+ if (capable(CAP_SYS_ADMIN)) {
                         if (info->tty)
                                 set_bit(TTY_IO_ERROR, &info->tty->flags);
                         return (0);
@@ -2112,7 +2121,8 @@
         tmp.closing_wait = info->closing_wait;
         tmp.custom_divisor = info->custom_divisor;
         tmp.hub6 = 0;
- copy_to_user(retinfo, &tmp, sizeof(*retinfo));
+ if (copy_to_user(retinfo, &tmp, sizeof(*retinfo)))
+ return -EFAULT;
         return (0);
}

@@ -2125,7 +2135,8 @@

         if (!new_info || !info->base)
                 return (-EFAULT);
- copy_from_user(&new_serial, new_info, sizeof(new_serial));
+ if (copy_from_user(&new_serial, new_info, sizeof(new_serial)))
+ return -EFAULT;

         if ((new_serial.irq != info->irq) ||
             (new_serial.port != info->base) ||
@@ -2136,7 +2147,7 @@

         flags = info->flags & ASYNC_SPD_MASK;

- if (!suser()) {
+ if (!capable(CAP_SYS_ADMIN)) {
                 if ((new_serial.baud_base != info->baud_base) ||
                     (new_serial.close_delay != info->close_delay) ||
                     ((new_serial.flags & ~ASYNC_USR_MASK) !=
@@ -2185,8 +2196,7 @@
         status = inb(info->base + UART_LSR);
         restore_flags(flags);
         result = ((status & UART_LSR_TEMT) ? TIOCSER_TEMT : 0);
- put_user(result, value);
- return (0);
+ return put_user(result, value);
}

/*
@@ -2226,8 +2236,7 @@
             ((status & UART_MSR_RI) ? TIOCM_RNG : 0) |
             ((status & UART_MSR_DSR) ? TIOCM_DSR : 0) |
             ((status & UART_MSR_CTS) ? TIOCM_CTS : 0);
- put_user(result, value);
- return (0);
+ return put_user(result, value);
}

static int mxser_set_modem_info(struct mxser_struct *info, unsigned int cmd,
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
Please read the FAQ at http://www.tux.org/lkml/

Next message: Arnaldo Carvalho de Melo: "[RFC] question about hardware watchdogs"
Previous message: Michael Peddemors: "FWD: 2.4 kernel causing BIOS Ram check problems vs 2.2 (Good comments)"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b29 : Thu Aug 31 2000 - 21:00:15 EST