Re: [PATCH] raw1394 missing failure handling

From: Panagiotis Issaris
Date: Wed Mar 02 2005 - 07:34:35 EST

Next message: Herbert Poetzl: "Re: Linux 2.6.11"
Previous message: Mauricio Lin: "Re: [PATCH] A new entry for /proc"
In reply to: Anton Altaparmakov: "Re: [PATCH] raw1394 missing failure handling"
Next in thread: Dmitry Torokhov: "Re: [PATCH] raw1394 missing failure handling"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Hi,

Anton Altaparmakov wrote:

On Wed, 2005-03-02 at 12:10 +0100, Panagiotis Issaris wrote:

In the raw1394 driver the failure handling for
a __copy_to_user call is missing.

Your patch is obviously incorrect as it doesn't free the request before
it returns.

Oops. Thanks for replying! Any more problems with the updated
patch?

With friendly regards,
Takis

--
K.U.Leuven, Mechanical Eng., Mechatronics & Robotics Research Group
http://people.mech.kuleuven.ac.be/~pissaris/

diff -pruN linux-2.6.11/drivers/ieee1394/raw1394.c linux-2.6.11-pi/drivers/ieee1394/raw1394.c
--- linux-2.6.11/drivers/ieee1394/raw1394.c 2005-03-02 11:44:26.000000000 +0100
+++ linux-2.6.11-pi/drivers/ieee1394/raw1394.c 2005-03-02 13:15:58.000000000 +0100
@@ -443,7 +443,11 @@ static ssize_t raw1394_read(struct file
req->req.error = RAW1394_ERROR_MEMFAULT;
}
}
- __copy_to_user(buffer, &req->req, sizeof(req->req));
+ if (__copy_to_user(buffer, &req->req, sizeof(req->req)))
+ {
+ free_pending_request(req);
+ return -EFAULT;
+ }

free_pending_request(req);
return sizeof(struct raw1394_request);

Next message: Herbert Poetzl: "Re: Linux 2.6.11"
Previous message: Mauricio Lin: "Re: [PATCH] A new entry for /proc"
In reply to: Anton Altaparmakov: "Re: [PATCH] raw1394 missing failure handling"
Next in thread: Dmitry Torokhov: "Re: [PATCH] raw1394 missing failure handling"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]