Home Explore Help
Register Sign In
phyus
/
linux-vybrid_public
8
0
Fork 0
Files Issues 0 Pull Requests 0 Wiki
Browse Source

beceem: don't overrun user buffer on read

Serious bug in original code, if app reads 10 bytes but 20 byte msg
received memory would get overwritten.

Signed-off-by: Stephen Hemminger <shemminger@vyatta.com>
Stephen Hemminger 14 years ago
parent
5cf084f44a
commit
9c5d77009d
1 changed files with 1 additions and 1 deletions
Split View Show Diff Stats
  1. 1 1
      drivers/staging/bcm/Bcmchar.c

+ 1 - 1
drivers/staging/bcm/Bcmchar.c
View File 

@@ -139,7 +139,7 @@ static ssize_t bcm_char_read(struct file *filp, char __user *buf, size_t size, l
 
 	if(Packet)
 
 	{
 
 		PktLen = Packet->len;
 
-		if(copy_to_user(buf, Packet->data, PktLen))
 
+		if(copy_to_user(buf, Packet->data, min_t(size_t, PktLen, size)))
 
 		{
 
 			dev_kfree_skb(Packet);
 
 			BCM_DEBUG_PRINT(Adapter,DBG_TYPE_PRINTK, 0, 0, "\nReturning from copy to user failure \n");