aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorPavel Emelyanov <xemul@openvz.org>2008-04-25 01:49:48 -0700
committerGreg Kroah-Hartman <gregkh@suse.de>2008-05-01 14:44:32 -0700
commitdc2ee1a436bee6ada5afeedb62dc015ed5553f3d (patch)
tree40564ab300c5b428993c65fa044965bd8ffe285e
parent75e109ad447b0bded3f0e2b2def52bce4fa9a1ea (diff)
net: Fix wrong interpretation of some copy_to_user() results.
[ Upstream commit: 653252c2302cdf2dfbca66a7e177f7db783f9efa ] I found some places, that erroneously return the value obtained from the copy_to_user() call: if some amount of bytes were not able to get to the user (this is what this one returns) the proper behavior is to return the -EFAULT error, not that number itself. Signed-off-by: Pavel Emelyanov <xemul@openvz.org> Signed-off-by: David S. Miller <davem@davemloft.net> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
-rw-r--r--net/can/raw.c3
-rw-r--r--net/dccp/probe.c2
-rw-r--r--net/tipc/socket.c4
3 files changed, 5 insertions, 4 deletions
diff --git a/net/can/raw.c b/net/can/raw.c
index 94cd7f27c44..c92cb8e48a2 100644
--- a/net/can/raw.c
+++ b/net/can/raw.c
@@ -573,7 +573,8 @@ static int raw_getsockopt(struct socket *sock, int level, int optname,
int fsize = ro->count * sizeof(struct can_filter);
if (len > fsize)
len = fsize;
- err = copy_to_user(optval, ro->filter, len);
+ if (copy_to_user(optval, ro->filter, len))
+ err = -EFAULT;
} else
len = 0;
release_sock(sk);
diff --git a/net/dccp/probe.c b/net/dccp/probe.c
index 7053bb827bc..44eddcf5f49 100644
--- a/net/dccp/probe.c
+++ b/net/dccp/probe.c
@@ -145,7 +145,7 @@ static ssize_t dccpprobe_read(struct file *file, char __user *buf,
goto out_free;
cnt = kfifo_get(dccpw.fifo, tbuf, len);
- error = copy_to_user(buf, tbuf, cnt);
+ error = copy_to_user(buf, tbuf, cnt) ? -EFAULT : 0;
out_free:
vfree(tbuf);
diff --git a/net/tipc/socket.c b/net/tipc/socket.c
index 22909036b9b..ac0473370e7 100644
--- a/net/tipc/socket.c
+++ b/net/tipc/socket.c
@@ -1600,8 +1600,8 @@ static int getsockopt(struct socket *sock,
else if (len < sizeof(value)) {
res = -EINVAL;
}
- else if ((res = copy_to_user(ov, &value, sizeof(value)))) {
- /* couldn't return value */
+ else if (copy_to_user(ov, &value, sizeof(value))) {
+ res = -EFAULT;
}
else {
res = put_user(sizeof(value), ol);