netdev - Re: [PATCH][CAN]: Fix copy_from_user() results interpretation.

lists.openwall.net		lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC
Open Source and information security mailing list archives

Hash Suite: Windows password security audit tool. GUI, reports in PDF.

[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]

Date:	Sat, 26 Apr 2008 08:19:31 +0200
From:	Wolfgang Grandegger <wg@...ndegger.com>
To:	Oliver Hartkopp <oliver.hartkopp@...kswagen.de>
CC:	Pavel Emelyanov <xemul@...nvz.org>,
	socketcan-core@...ts.berlios.de,
	Linux Netdev List <netdev@...r.kernel.org>,
	David Miller <davem@...emloft.net>,
	"Thuermann, Urs, Dr. \(K-EFFI/I\)" <urs.thuermann@...kswagen.de>
Subject: Re: [PATCH][CAN]: Fix copy_from_user() results interpretation.

Oliver Hartkopp wrote:
> Pavel Emelyanov wrote:
>> Sorry for the noise, I had to check this right after facing this problem
>> with the copy_to_user()...
>>
>> Both copy_to_ and _from_user return the number of bytes, that failed to
>> reach their destination, not the 0/-EXXX values.
>>
>> Other net/ code handles this correctly.
>>
>> Signed-off-by: Pavel Emelyanov <xemul@...nvz.org>
>>
> 
> Thanks very much for catching this, Pavel!
> 
> Acked-by: Oliver Hartkopp <oliver.hartkopp@...kswagen.de>
> 
>> ---
>>
>> diff --git a/net/can/raw.c b/net/can/raw.c
>> index ead50c7..2be8c6e 100644
>> --- a/net/can/raw.c
>> +++ b/net/can/raw.c
>> @@ -438,12 +438,12 @@ static int raw_setsockopt(struct socket *sock, 
>> int level, int optname,
>>                         err = copy_from_user(filter, optval, optlen);
>>                         if (err) {
>>                                 kfree(filter);
>> -                               return err;
>> +                               return -EFAULT;
>>                         }
>>                 } else if (count == 1) {
>>                         err = copy_from_user(&sfilter, optval, optlen);
>>                         if (err)
>> -                               return err;
>> +                               return -EFAULT;
>>                 }
>>  
>>                 lock_sock(sk);
>> @@ -495,7 +495,7 @@ static int raw_setsockopt(struct socket *sock, int 
>> level, int optname,
>>  
>>                 err = copy_from_user(&err_mask, optval, optlen);
>>                 if (err)
>> -                       return err;
>> +                       return -EFAULT;
>>  
>>                 err_mask &= CAN_ERR_MASK;
>>  
>> @@ -531,7 +531,8 @@ static int raw_setsockopt(struct socket *sock, int 
>> level, int optname,
>>                 if (optlen != sizeof(ro->loopback))
>>                         return -EINVAL;
>>  
>> -               err = copy_from_user(&ro->loopback, optval, optlen);
>> +               err = copy_from_user(&ro->loopback, optval, optlen) ?
>> +                       -EFAULT : 0;
>>  
>>                 break;
>>  
>> @@ -539,7 +540,8 @@ static int raw_setsockopt(struct socket *sock, int 
>> level, int optname,
>>                 if (optlen != sizeof(ro->recv_own_msgs))
>>                         return -EINVAL;
>>  
>> -               err = copy_from_user(&ro->recv_own_msgs, optval, optlen);
>> +               err = copy_from_user(&ro->recv_own_msgs, optval, 
>> optlen) ?
>> +                       -EFAULT : 0;
>>  
>>                 break;
>>  
>>

What about removing the assignment "err =" in that case. It's confusing
otherwise and maybe the variable err is even obsolete.

Wolfgang.

--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html