Am Dienstag, 17. Januar 2006 00:12 schrieb Shaun Pereira:
> +static int compat_x25_subscr_ioctl(unsigned int cmd,
> + struct compat_x25_subscrip_struct __user *x25_subscr32)
> +{
> + struct x25_subscrip_struct x25_subscr;
> + struct x25_neigh *nb;
> + struct net_device *dev;
> + int rc = -EINVAL;
> +
> + if (cmd != SIOCX25GSUBSCRIP && cmd != SIOCX25SSUBSCRIP)
> + goto out;
btw, the above check is not needed here, but that's not my point.
> +
> + rc = -EFAULT;
> + if(copy_from_user(&x25_subscr, x25_subscr32, sizeof(*x25_subscr32)))
> + goto out;
Unfortunately, I just found another bug in this code, similar to one you
already fixed in the sock_get_timestamp handler:
You can't do the copy_from_user like this if the arguments have different
types. Changing the declaration 'struct x25_subscrip_struct x25_subscr;'
to 'struct compat_x25_subscrip_struct x25_subscr;' should fix this problem,
but please verify that it really works with a test case that relies on the
contents of x25_subscr->extended.
Arnd <><
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to [email protected]
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
[Index of Archives]
[Kernel Newbies]
[Netfilter]
[Bugtraq]
[Photo]
[Stuff]
[Gimp]
[Yosemite News]
[MIPS Linux]
[ARM Linux]
[Linux Security]
[Linux RAID]
[Video 4 Linux]
[Linux for the blind]
[Linux Resources]
