From patchwork Sat Dec 10 14:28:36 2011
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Sven Eckelmann <sven@narfation.org>
X-Patchwork-Id: 1426
Return-Path: <sven@narfation.org>
Received: from v3-1039.vlinux.de (narfation.org [79.140.41.39])
	by open-mesh.org (Postfix) with ESMTPS id 96C8C6006C2
	for <b.a.t.m.a.n@lists.open-mesh.org>;
	Sat, 10 Dec 2011 15:28:46 +0100 (CET)
Authentication-Results: open-mesh.org; dkim=pass (1024-bit key)
	header.i=@narfation.org; dkim-adsp=pass
Received: from sven-desktop.home.narfation.org (i59F6AD83.versanet.de
	[89.246.173.131])
	by v3-1039.vlinux.de (Postfix) with ESMTPSA id 7854594020;
	Sat, 10 Dec 2011 15:30:32 +0100 (CET)
DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=narfation.org; s=mail;
	t=1323527432; bh=a8QiPzs028Pd5bvyCtOLuRVPTsrCNz6zsTS0pT78mAI=;
	h=From:To:Cc:Subject:Date:Message-Id:In-Reply-To:References;
	b=IhgVg+MY4LeC3ElK90HI81QCgkYBP5+L50ic5/HLlqCdm5iuHInBJjwOjGNZbEa8e
	Wf54rI9q0CYRyjt0wsyZlrJDlj21r0HeWZvAEqhRY0VamJcFwgJ7E1dgFoFanALHSq
	TVIAvdi1XsRPUIdSg4BQ6jtFm6NSPhfN2n4Vcu/c=
From: Sven Eckelmann <sven@narfation.org>
To: b.a.t.m.a.n@lists.open-mesh.org
Date: Sat, 10 Dec 2011 15:28:36 +0100
Message-Id: <1323527316-15071-3-git-send-email-sven@narfation.org>
X-Mailer: git-send-email 1.7.7.3
In-Reply-To: <1323527316-15071-1-git-send-email-sven@narfation.org>
References: <4EE36653.4000504@gmail.com>
	<1323527316-15071-1-git-send-email-sven@narfation.org>
Subject: [B.A.T.M.A.N.] [PATCHv3 3/3] batman-adv: Only write requested
	number of byte to user buffer
X-BeenThere: b.a.t.m.a.n@lists.open-mesh.org
X-Mailman-Version: 2.1.13
Precedence: list
Reply-To: The list for a Better Approach To Mobile Ad-hoc Networking
	<b.a.t.m.a.n@lists.open-mesh.org>
List-Id: The list for a Better Approach To Mobile Ad-hoc Networking
	<b.a.t.m.a.n.lists.open-mesh.org>
List-Unsubscribe: <https://lists.open-mesh.org/mm/options/b.a.t.m.a.n>,
	<mailto:b.a.t.m.a.n-request@lists.open-mesh.org?subject=unsubscribe>
List-Archive: <http://lists.open-mesh.org/pipermail/b.a.t.m.a.n>
List-Post: <mailto:b.a.t.m.a.n@lists.open-mesh.org>
List-Help: <mailto:b.a.t.m.a.n-request@lists.open-mesh.org?subject=help>
List-Subscribe: <https://lists.open-mesh.org/mm/listinfo/b.a.t.m.a.n>,
	<mailto:b.a.t.m.a.n-request@lists.open-mesh.org?subject=subscribe>
X-List-Received-Date: Sat, 10 Dec 2011 14:28:46 -0000

Don't write more than the requested number of bytes of an batman-adv icmp
packet to the userspace buffer. Otherwise unrelated userspace memory might get
overridden by the kernel.

Signed-off-by: Sven Eckelmann <sven@narfation.org>
---
 icmp_socket.c |    5 ++---
 1 files changed, 2 insertions(+), 3 deletions(-)

diff --git a/icmp_socket.c b/icmp_socket.c
index 4dc55e8..5d69e10 100644
--- a/icmp_socket.c
+++ b/icmp_socket.c
@@ -136,10 +136,9 @@ static ssize_t bat_socket_read(struct file *file, char __user *buf,
 
 	spin_unlock_bh(&socket_client->lock);
 
-	error = copy_to_user(buf, &socket_packet->icmp_packet,
-			     socket_packet->icmp_len);
+	packet_len = min(count, socket_packet->icmp_len);
+	error = copy_to_user(buf, &socket_packet->icmp_packet, packet_len);
 
-	packet_len = socket_packet->icmp_len;
 	kfree(socket_packet);
 
 	if (error)