diff options
author | Pavel Emelyanov <xemul@openvz.org> | 2008-04-25 01:49:48 -0700 |
---|---|---|
committer | Greg Kroah-Hartman <gregkh@suse.de> | 2008-05-01 14:44:32 -0700 |
commit | dc2ee1a436bee6ada5afeedb62dc015ed5553f3d (patch) | |
tree | 40564ab300c5b428993c65fa044965bd8ffe285e /net | |
parent | 75e109ad447b0bded3f0e2b2def52bce4fa9a1ea (diff) | |
download | lwn-dc2ee1a436bee6ada5afeedb62dc015ed5553f3d.tar.gz lwn-dc2ee1a436bee6ada5afeedb62dc015ed5553f3d.zip |
net: Fix wrong interpretation of some copy_to_user() results.
[ Upstream commit: 653252c2302cdf2dfbca66a7e177f7db783f9efa ]
I found some places, that erroneously return the value obtained from
the copy_to_user() call: if some amount of bytes were not able to get
to the user (this is what this one returns) the proper behavior is to
return the -EFAULT error, not that number itself.
Signed-off-by: Pavel Emelyanov <xemul@openvz.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Diffstat (limited to 'net')
-rw-r--r-- | net/can/raw.c | 3 | ||||
-rw-r--r-- | net/dccp/probe.c | 2 | ||||
-rw-r--r-- | net/tipc/socket.c | 4 |
3 files changed, 5 insertions, 4 deletions
diff --git a/net/can/raw.c b/net/can/raw.c index 94cd7f27c444..c92cb8e48a23 100644 --- a/net/can/raw.c +++ b/net/can/raw.c @@ -573,7 +573,8 @@ static int raw_getsockopt(struct socket *sock, int level, int optname, int fsize = ro->count * sizeof(struct can_filter); if (len > fsize) len = fsize; - err = copy_to_user(optval, ro->filter, len); + if (copy_to_user(optval, ro->filter, len)) + err = -EFAULT; } else len = 0; release_sock(sk); diff --git a/net/dccp/probe.c b/net/dccp/probe.c index 7053bb827bc8..44eddcf5f49d 100644 --- a/net/dccp/probe.c +++ b/net/dccp/probe.c @@ -145,7 +145,7 @@ static ssize_t dccpprobe_read(struct file *file, char __user *buf, goto out_free; cnt = kfifo_get(dccpw.fifo, tbuf, len); - error = copy_to_user(buf, tbuf, cnt); + error = copy_to_user(buf, tbuf, cnt) ? -EFAULT : 0; out_free: vfree(tbuf); diff --git a/net/tipc/socket.c b/net/tipc/socket.c index 22909036b9bc..ac0473370e77 100644 --- a/net/tipc/socket.c +++ b/net/tipc/socket.c @@ -1600,8 +1600,8 @@ static int getsockopt(struct socket *sock, else if (len < sizeof(value)) { res = -EINVAL; } - else if ((res = copy_to_user(ov, &value, sizeof(value)))) { - /* couldn't return value */ + else if (copy_to_user(ov, &value, sizeof(value))) { + res = -EFAULT; } else { res = put_user(sizeof(value), ol); |