From d39b7dd1dcbf394a1cb897457c862dafe9a20ac5 Mon Sep 17 00:00:00 2001 From: Linus Torvalds Date: Thu, 5 Nov 2009 10:48:30 -0800 Subject: sgi-gru: decrapfiy options_write() function Not a single line of actual code in the function was really fundamentally correct. Problems ranged from lack of proper range checking, to removing the last character written (which admittedly is usually '\n'), to not accepting hex numbers even though the 'show' routine would show the data in that format. This tries to do better. Acked-by: Michael Buesch Tested-and-acked-by: Jack Steiner Cc: stable@kernel.org Cc: Jiri Kosina Cc: Michael Gilbert Signed-off-by: Linus Torvalds --- drivers/misc/sgi-gru/gruprocfs.c | 13 +++++++------ 1 file changed, 7 insertions(+), 6 deletions(-) (limited to 'drivers') diff --git a/drivers/misc/sgi-gru/gruprocfs.c b/drivers/misc/sgi-gru/gruprocfs.c index ccd4408..3f2375c 100644 --- a/drivers/misc/sgi-gru/gruprocfs.c +++ b/drivers/misc/sgi-gru/gruprocfs.c @@ -161,14 +161,15 @@ static int options_show(struct seq_file *s, void *p) static ssize_t options_write(struct file *file, const char __user *userbuf, size_t count, loff_t *data) { - unsigned long val; - char buf[80]; + char buf[20]; - if (strncpy_from_user(buf, userbuf, sizeof(buf) - 1) < 0) + if (count >= sizeof(buf)) + return -EINVAL; + if (copy_from_user(buf, userbuf, count)) return -EFAULT; - buf[count - 1] = '\0'; - if (!strict_strtoul(buf, 10, &val)) - gru_options = val; + buf[count] = '\0'; + if (strict_strtoul(buf, 0, &gru_options)) + return -EINVAL; return count; } -- cgit v1.1