aboutsummaryrefslogtreecommitdiffstats
path: root/drivers
diff options
context:
space:
mode:
authorGreg KH <greg@kroah.com>2010-02-15 12:37:46 -0500
committerGreg Kroah-Hartman <gregkh@suse.de>2010-02-16 18:11:01 -0500
commitd4a4683ca054ed9917dfc9e3ff0f7ecf74ad90d6 (patch)
tree087b4ad7f541d166147f85941020bfbccfa3b0ba /drivers
parent0813e22d4e0d618eac9b47bec942bf856adca4c5 (diff)
USB: usbfs: only copy the actual data received
We need to only copy the data received by the device to userspace, not the whole kernel buffer, which can contain "stale" data. Thanks to Marcus Meissner for pointing this out and testing the fix. Reported-by: Marcus Meissner <meissner@suse.de> Tested-by: Marcus Meissner <meissner@suse.de> Cc: Alan Stern <stern@rowland.harvard.edu> Cc: Linus Torvalds <torvalds@linux-foundation.org> Cc: stable <stable@kernel.org> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Diffstat (limited to 'drivers')
-rw-r--r--drivers/usb/core/devio.c8
1 files changed, 4 insertions, 4 deletions
diff --git a/drivers/usb/core/devio.c b/drivers/usb/core/devio.c
index 6e8bcdfd23b4..ca948bbc388f 100644
--- a/drivers/usb/core/devio.c
+++ b/drivers/usb/core/devio.c
@@ -1312,9 +1312,9 @@ static int processcompl(struct async *as, void __user * __user *arg)
1312 void __user *addr = as->userurb; 1312 void __user *addr = as->userurb;
1313 unsigned int i; 1313 unsigned int i;
1314 1314
1315 if (as->userbuffer) 1315 if (as->userbuffer && urb->actual_length)
1316 if (copy_to_user(as->userbuffer, urb->transfer_buffer, 1316 if (copy_to_user(as->userbuffer, urb->transfer_buffer,
1317 urb->transfer_buffer_length)) 1317 urb->actual_length))
1318 goto err_out; 1318 goto err_out;
1319 if (put_user(as->status, &userurb->status)) 1319 if (put_user(as->status, &userurb->status))
1320 goto err_out; 1320 goto err_out;
@@ -1475,9 +1475,9 @@ static int processcompl_compat(struct async *as, void __user * __user *arg)
1475 void __user *addr = as->userurb; 1475 void __user *addr = as->userurb;
1476 unsigned int i; 1476 unsigned int i;
1477 1477
1478 if (as->userbuffer) 1478 if (as->userbuffer && urb->actual_length)
1479 if (copy_to_user(as->userbuffer, urb->transfer_buffer, 1479 if (copy_to_user(as->userbuffer, urb->transfer_buffer,
1480 urb->transfer_buffer_length)) 1480 urb->actual_length))
1481 return -EFAULT; 1481 return -EFAULT;
1482 if (put_user(as->status, &userurb->status)) 1482 if (put_user(as->status, &userurb->status))
1483 return -EFAULT; 1483 return -EFAULT;