Commit d929dc2b authored by Kulikov Vasiliy's avatar Kulikov Vasiliy Committed by Linus Torvalds

i2o: fix overflow of copy_to_user()

If (len > reslen) we must not call copy_to_user() since kernel buffer is
smaller than we want to copy.  Similar code in this file is correct, so
this bug was a typo.
Signed-off-by: default avatarKulikov Vasiliy <segooon@gmail.com>
Signed-off-by: default avatarAndrew Morton <akpm@linux-foundation.org>
Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
parent 32fa4549
...@@ -115,7 +115,7 @@ static int i2o_cfg_gethrt(unsigned long arg) ...@@ -115,7 +115,7 @@ static int i2o_cfg_gethrt(unsigned long arg)
put_user(len, kcmd.reslen); put_user(len, kcmd.reslen);
if (len > reslen) if (len > reslen)
ret = -ENOBUFS; ret = -ENOBUFS;
if (copy_to_user(kcmd.resbuf, (void *)hrt, len)) else if (copy_to_user(kcmd.resbuf, (void *)hrt, len))
ret = -EFAULT; ret = -EFAULT;
return ret; return ret;
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment