| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <4812C973.5000504@grandegger.com>
Date: Sat, 26 Apr 2008 08:19:31 +0200
From: Wolfgang Grandegger <wg@...ndegger.com>
To: Oliver Hartkopp <oliver.hartkopp@...kswagen.de>
CC: Pavel Emelyanov <xemul@...nvz.org>,
socketcan-core@...ts.berlios.de,
Linux Netdev List <netdev@...r.kernel.org>,
David Miller <davem@...emloft.net>,
"Thuermann, Urs, Dr. \(K-EFFI/I\)" <urs.thuermann@...kswagen.de>
Subject: Re: [PATCH][CAN]: Fix copy_from_user() results interpretation.
Oliver Hartkopp wrote:
> Pavel Emelyanov wrote:
>> Sorry for the noise, I had to check this right after facing this problem
>> with the copy_to_user()...
>>
>> Both copy_to_ and _from_user return the number of bytes, that failed to
>> reach their destination, not the 0/-EXXX values.
>>
>> Other net/ code handles this correctly.
>>
>> Signed-off-by: Pavel Emelyanov <xemul@...nvz.org>
>>
>
> Thanks very much for catching this, Pavel!
>
> Acked-by: Oliver Hartkopp <oliver.hartkopp@...kswagen.de>
>
>> ---
>>
>> diff --git a/net/can/raw.c b/net/can/raw.c
>> index ead50c7..2be8c6e 100644
>> --- a/net/can/raw.c
>> +++ b/net/can/raw.c
>> @@ -438,12 +438,12 @@ static int raw_setsockopt(struct socket *sock,
>> int level, int optname,
>> err = copy_from_user(filter, optval, optlen);
>> if (err) {
>> kfree(filter);
>> - return err;
>> + return -EFAULT;
>> }
>> } else if (count == 1) {
>> err = copy_from_user(&sfilter, optval, optlen);
>> if (err)
>> - return err;
>> + return -EFAULT;
>> }
>>
>> lock_sock(sk);
>> @@ -495,7 +495,7 @@ static int raw_setsockopt(struct socket *sock, int
>> level, int optname,
>>
>> err = copy_from_user(&err_mask, optval, optlen);
>> if (err)
>> - return err;
>> + return -EFAULT;
>>
>> err_mask &= CAN_ERR_MASK;
>>
>> @@ -531,7 +531,8 @@ static int raw_setsockopt(struct socket *sock, int
>> level, int optname,
>> if (optlen != sizeof(ro->loopback))
>> return -EINVAL;
>>
>> - err = copy_from_user(&ro->loopback, optval, optlen);
>> + err = copy_from_user(&ro->loopback, optval, optlen) ?
>> + -EFAULT : 0;
>>
>> break;
>>
>> @@ -539,7 +540,8 @@ static int raw_setsockopt(struct socket *sock, int
>> level, int optname,
>> if (optlen != sizeof(ro->recv_own_msgs))
>> return -EINVAL;
>>
>> - err = copy_from_user(&ro->recv_own_msgs, optval, optlen);
>> + err = copy_from_user(&ro->recv_own_msgs, optval,
>> optlen) ?
>> + -EFAULT : 0;
>>
>> break;
>>
>>
What about removing the assignment "err =" in that case. It's confusing
otherwise and maybe the variable err is even obsolete.
Wolfgang.
--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Powered by blists - more mailing lists