aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorPavel Emelyanov <xemul@openvz.org>2008-04-25 04:49:48 -0400
committerDavid S. Miller <davem@davemloft.net>2008-04-25 04:49:48 -0400
commit653252c2302cdf2dfbca66a7e177f7db783f9efa (patch)
tree8d77bebbe29378c818313e4557242548b923d787
parentcc93d7d77d28d65d4f947dabc95a01c42d713ea3 (diff)
net: Fix wrong interpretation of some copy_to_user() results.
I found some places, that erroneously return the value obtained from the copy_to_user() call: if some amount of bytes were not able to get to the user (this is what this one returns) the proper behavior is to return the -EFAULT error, not that number itself. Signed-off-by: Pavel Emelyanov <xemul@openvz.org> Signed-off-by: David S. Miller <davem@davemloft.net>
-rw-r--r--net/can/raw.c3
-rw-r--r--net/dccp/probe.c2
-rw-r--r--net/tipc/socket.c4
3 files changed, 5 insertions, 4 deletions
diff --git a/net/can/raw.c b/net/can/raw.c
index ead50c7c0d4..201cbfc6b9e 100644
--- a/net/can/raw.c
+++ b/net/can/raw.c
@@ -573,7 +573,8 @@ static int raw_getsockopt(struct socket *sock, int level, int optname,
573 int fsize = ro->count * sizeof(struct can_filter); 573 int fsize = ro->count * sizeof(struct can_filter);
574 if (len > fsize) 574 if (len > fsize)
575 len = fsize; 575 len = fsize;
576 err = copy_to_user(optval, ro->filter, len); 576 if (copy_to_user(optval, ro->filter, len))
577 err = -EFAULT;
577 } else 578 } else
578 len = 0; 579 len = 0;
579 release_sock(sk); 580 release_sock(sk);
diff --git a/net/dccp/probe.c b/net/dccp/probe.c
index 6e1df62bd7c..0bcdc925027 100644
--- a/net/dccp/probe.c
+++ b/net/dccp/probe.c
@@ -140,7 +140,7 @@ static ssize_t dccpprobe_read(struct file *file, char __user *buf,
140 goto out_free; 140 goto out_free;
141 141
142 cnt = kfifo_get(dccpw.fifo, tbuf, len); 142 cnt = kfifo_get(dccpw.fifo, tbuf, len);
143 error = copy_to_user(buf, tbuf, cnt); 143 error = copy_to_user(buf, tbuf, cnt) ? -EFAULT : 0;
144 144
145out_free: 145out_free:
146 vfree(tbuf); 146 vfree(tbuf);
diff --git a/net/tipc/socket.c b/net/tipc/socket.c
index 05853159536..230f9ca2ad6 100644
--- a/net/tipc/socket.c
+++ b/net/tipc/socket.c
@@ -1756,8 +1756,8 @@ static int getsockopt(struct socket *sock,
1756 else if (len < sizeof(value)) { 1756 else if (len < sizeof(value)) {
1757 res = -EINVAL; 1757 res = -EINVAL;
1758 } 1758 }
1759 else if ((res = copy_to_user(ov, &value, sizeof(value)))) { 1759 else if (copy_to_user(ov, &value, sizeof(value))) {
1760 /* couldn't return value */ 1760 res = -EFAULT;
1761 } 1761 }
1762 else { 1762 else {
1763 res = put_user(sizeof(value), ol); 1763 res = put_user(sizeof(value), ol);