Initial INC MR3 commit with EVO/BRAVO included and majority of the compile warnings ...
/net/irda/af_irda.c
blob:dd35641835f408d161a7d1c70550a15f1a0309ac -> blob:476b24ee7b712fa4c65b9fd160c2a63b2dfbe18a
--- net/irda/af_irda.c
+++ net/irda/af_irda.c
@@ -810,8 +810,8 @@ static int irda_bind(struct socket *sock
err = irda_open_tsap(self, addr->sir_lsap_sel, addr->sir_name);
if (err < 0) {
- kfree(self->ias_obj->name);
- kfree(self->ias_obj);
+ irias_delete_object(self->ias_obj);
+ self->ias_obj = NULL;
return err;
}
@@ -2164,6 +2164,14 @@ static int irda_getsockopt(struct socket
switch (optname) {
case IRLMP_ENUMDEVICES:
+
+ /* Offset to first device entry */
+ offset = sizeof(struct irda_device_list) -
+ sizeof(struct irda_device_info);
+
+ if (len < offset)
+ return -EINVAL;
+
/* Ask lmp for the current discovery log */
discoveries = irlmp_get_discoveries(&list.len, self->mask.word,
self->nslots);
@@ -2173,15 +2181,9 @@ static int irda_getsockopt(struct socket
err = 0;
/* Write total list length back to client */
- if (copy_to_user(optval, &list,
- sizeof(struct irda_device_list) -
- sizeof(struct irda_device_info)))
+ if (copy_to_user(optval, &list, offset))
err = -EFAULT;
- /* Offset to first device entry */
- offset = sizeof(struct irda_device_list) -
- sizeof(struct irda_device_info);
-
/* Copy the list itself - watch for overflow */
if(list.len > 2048)
{