From ec9d04b2a8f00b14a3df4714820cb2cda46dc4d6 Mon Sep 17 00:00:00 2001
From: Kulikov Vasiliy
Date: Wed, 28 Jul 2010 20:41:56 +0400
Subject: ALSA: asihpi: check return value of get_user()

get_user() may fail, if so return -EFAULT.

Signed-off-by: Kulikov Vasiliy
Signed-off-by: Takashi Iwai
---
 sound/pci/asihpi/hpioctl.c | 17 +++++++++++++----
 1 file changed, 13 insertions(+), 4 deletions(-)

diff --git a/sound/pci/asihpi/hpioctl.c b/sound/pci/asihpi/hpioctl.c
index 311499992a22..62895a719fcb 100644
--- a/sound/pci/asihpi/hpioctl.c
+++ b/sound/pci/asihpi/hpioctl.c
@@ -121,11 +121,17 @@ long asihpi_hpi_ioctl(struct file *file, unsigned int cmd, unsigned long arg)
 phpi_ioctl_data = (struct hpi_ioctl_linux __user *)arg;
 /* Read the message and response pointers from user space. */
- get_user(puhm, &phpi_ioctl_data->phm);
- get_user(puhr, &phpi_ioctl_data->phr);
+ if (get_user(puhm, &phpi_ioctl_data->phm) ||
+ get_user(puhr, &phpi_ioctl_data->phr)) {
+ err = -EFAULT;
+ goto out;
+ }
 /* Now read the message size and data from user space. */
- get_user(hm->h.size, (u16 __user *)puhm);
+ if (get_user(hm->h.size, (u16 __user *)puhm)) {
+ err = -EFAULT;
+ goto out;
+ }
 if (hm->h.size > sizeof(*hm))
 hm->h.size = sizeof(*hm);
@@ -138,7 +144,10 @@ long asihpi_hpi_ioctl(struct file *file, unsigned int cmd, unsigned long arg)
 goto out;
 }
- get_user(res_max_size, (u16 __user *)puhr);
+ if (get_user(res_max_size, (u16 __user *)puhr)) {
+ err = -EFAULT;
+ goto out;
+ }
 /* printk(KERN_INFO "user response size %d\n", res_max_size); */
 if (res_max_size < sizeof(struct hpi_response_header)) {
 HPI_DEBUG_LOG(WARNING, "small res size %d\n", res_max_size);
-- 
cgit v1.2.3
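Review bot: The user-supplied message size in `hm->h.size` is only clamped from above in the first hunk (`if (hm->h.size > sizeof(*hm))`); nothing visible rejects a size smaller than the message header, whereas the second hunk does check `res_max_size < sizeof(struct hpi_response_header)` on the response side. A matching lower bound, for example `if (hm->h.size < sizeof(hm->h)) { err = -EINVAL; goto out; }`, would keep later code from acting on a partially filled header. The function body continues outside both hunks, so what follows is inferred: if the message is subsequently copied from `puhm` using this size, that copy reads the size field from user memory a second time and can replace the clamped value. In that case the validated size should be saved in a local and written back to `hm->h.size` after the copy, rather than trusting the copied field.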