git projects / ziggy471-frankenstein-kernel.git / blobdiff
summary | shortlog | log | commit | commitdiff | tree | latest snapshot
plain | history

Update to 2.6.32.39 Mainline
/net/irda/af_irda.c
blob:b6cef980095fe745340dc78ce550ed20985c91e9 -> blob:476b24ee7b712fa4c65b9fd160c2a63b2dfbe18a
--- net/irda/af_irda.c
+++ net/irda/af_irda.c
@@ -2164,6 +2164,14 @@ static int irda_getsockopt(struct socket
switch (optname) {
case IRLMP_ENUMDEVICES:
+
+ /* Offset to first device entry */
+ offset = sizeof(struct irda_device_list) -
+ sizeof(struct irda_device_info);
+
+ if (len < offset)
+ return -EINVAL;
+
/* Ask lmp for the current discovery log */
discoveries = irlmp_get_discoveries(&list.len, self->mask.word,
self->nslots);
@@ -2173,15 +2181,9 @@ static int irda_getsockopt(struct socket
err = 0;
/* Write total list length back to client */
- if (copy_to_user(optval, &list,
- sizeof(struct irda_device_list) -
- sizeof(struct irda_device_info)))
+ if (copy_to_user(optval, &list, offset))
err = -EFAULT;
- /* Offset to first device entry */
- offset = sizeof(struct irda_device_list) -
- sizeof(struct irda_device_info);
-
/* Copy the list itself - watch for overflow */
if(list.len > 2048)
{
Frankenstine (BRAVO/EVO/INC) kernel source