From patchwork Fri Jul 18 11:18:28 2008
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Sven Eckelmann <sven.eckelmann@gmx.de>
X-Patchwork-Id: 5344
Received: from lana.hrz.tu-chemnitz.de (lana.hrz.tu-chemnitz.de
	[134.109.132.3])
	by open-mesh.net (8.13.4/8.13.4/Debian-3sarge3) with ESMTP id
	m6IBKWY7009545
	(version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NOT)
	for <b.a.t.m.a.n@open-mesh.net>; Fri, 18 Jul 2008 13:20:33 +0200
Received: from galba.hrz.tu-chemnitz.de ([134.109.133.156]
	helo=mailbox.hrz.tu-chemnitz.de)
	by lana.hrz.tu-chemnitz.de with esmtps (TLSv1:AES256-SHA:256)
	(Exim 4.69) (envelope-from <sven.eckelmann@gmx.de>)
	id 1KJnxQ-0003AX-Ol
	for b.a.t.m.a.n@open-mesh.net; Fri, 18 Jul 2008 13:17:04 +0200
Received: from vpnclient-003.hrz.tu-chemnitz.de ([134.109.232.3]
	helo=sven-desktop)
	by mailbox.hrz.tu-chemnitz.de with smtp (Exim 4.69)
	(envelope-from <sven.eckelmann@gmx.de>) id 1KJnxQ-0000gO-Gq
	for b.a.t.m.a.n@open-mesh.net; Fri, 18 Jul 2008 13:17:04 +0200
Received: by sven-desktop (nbSMTP-1.00) for uid 1000
	sven.eckelmann@gmx.de; Fri, 18 Jul 2008 13:18:29 +0200 (CEST)
Date: Fri, 18 Jul 2008 13:18:28 +0200
From: Sven Eckelmann <sven.eckelmann@gmx.de>
To: b.a.t.m.a.n@open-mesh.net
Message-ID: <20080718111828.GA30595@sven-desktop.lazhur.ath.cx>
MIME-Version: 1.0
Content-Disposition: inline
User-Agent: Mutt/1.5.18 (2008-05-17)
X-Scan-Signature: c4e529ea06550f8ae756d457c1b9e21b
Subject: [B.A.T.M.A.N.] [PATCH] Don't process the icmp packet further when
	we could not read it
X-BeenThere: b.a.t.m.a.n@open-mesh.net
X-Mailman-Version: 2.1.5
Precedence: list
Reply-To: The list for a Better Approach To Mobile Ad-hoc Networking
	<b.a.t.m.a.n@open-mesh.net>
List-Id: The list for a Better Approach To Mobile Ad-hoc Networking
	<b.a.t.m.a.n.open-mesh.net>
List-Unsubscribe: <https://list.open-mesh.net/mm/listinfo/b.a.t.m.a.n>,
	<mailto:b.a.t.m.a.n-request@open-mesh.net?subject=unsubscribe>
List-Archive: <http://list.open-mesh.net/pipermail/b.a.t.m.a.n>
List-Post: <mailto:b.a.t.m.a.n@open-mesh.net>
List-Help: <mailto:b.a.t.m.a.n-request@open-mesh.net?subject=help>
List-Subscribe: <https://list.open-mesh.net/mm/listinfo/b.a.t.m.a.n>,
	<mailto:b.a.t.m.a.n-request@open-mesh.net?subject=subscribe>
X-List-Received-Date: Fri, 18 Jul 2008 11:20:33 -0000

__copy_from_user returns the number of bytes it could not read when it
fails. It makes no sense to process the data further if we don't have it
in a complete form.
access_ok will only check if it may be valid but not if it is definitly valid.

Signed-off-by: Sven Eckelmann <sven.eckelmann@gmx.de>
---
 batman-adv-kernelland/batman-core/device.c |    4 +++-
 1 files changed, 3 insertions(+), 1 deletions(-)

diff --git a/batman-adv-kernelland/batman-core/device.c b/batman-adv-kernelland/batman-core/device.c
index 6608f13..c401634 100644
--- a/batman-adv-kernelland/batman-core/device.c
+++ b/batman-adv-kernelland/batman-core/device.c
@@ -229,7 +229,9 @@ ssize_t bat_device_write(struct file *file, const char __user *buff, size_t len,
 	if (!access_ok(VERIFY_READ, buff, sizeof(struct icmp_packet)))
 		return -EFAULT;
 
-	__copy_from_user(&icmp_packet, buff, sizeof(icmp_packet));
+	if (__copy_from_user(&icmp_packet, buff, sizeof(icmp_packet))) {
+		return -EFAULT;
+	}
 
 	if ((icmp_packet.packet_type == BAT_ICMP) && (icmp_packet.msg_type == ECHO_REQUEST)) {