projects
/
cascardo
/
linux.git
/ blobdiff
commit
grep
author
committer
pickaxe
?
search:
re
summary
|
shortlog
|
log
|
commit
|
commitdiff
|
tree
raw
|
inline
| side by side
gpio: GPIO_GET_LINEHANDLE_IOCTL: Validate line offset
[cascardo/linux.git]
/
drivers
/
gpio
/
gpiolib.c
diff --git
a/drivers/gpio/gpiolib.c
b/drivers/gpio/gpiolib.c
index
f0fc3a0
..
d287cb4
100644
(file)
--- a/
drivers/gpio/gpiolib.c
+++ b/
drivers/gpio/gpiolib.c
@@
-444,6
+444,11
@@
static int linehandle_create(struct gpio_device *gdev, void __user *ip)
u32 lflags = handlereq.flags;
struct gpio_desc *desc;
u32 lflags = handlereq.flags;
struct gpio_desc *desc;
+ if (offset >= gdev->ngpio) {
+ ret = -EINVAL;
+ goto out_free_descs;
+ }
+
desc = &gdev->descs[offset];
ret = gpiod_request(desc, lh->label);
if (ret)
desc = &gdev->descs[offset];
ret = gpiod_request(desc, lh->label);
if (ret)
@@
-823,6
+828,8
@@
static long gpio_ioctl(struct file *filp, unsigned int cmd, unsigned long arg)
if (cmd == GPIO_GET_CHIPINFO_IOCTL) {
struct gpiochip_info chipinfo;
if (cmd == GPIO_GET_CHIPINFO_IOCTL) {
struct gpiochip_info chipinfo;
+ memset(&chipinfo, 0, sizeof(chipinfo));
+
strncpy(chipinfo.name, dev_name(&gdev->dev),
sizeof(chipinfo.name));
chipinfo.name[sizeof(chipinfo.name)-1] = '\0';
strncpy(chipinfo.name, dev_name(&gdev->dev),
sizeof(chipinfo.name));
chipinfo.name[sizeof(chipinfo.name)-1] = '\0';
@@
-839,7
+846,7
@@
static long gpio_ioctl(struct file *filp, unsigned int cmd, unsigned long arg)
if (copy_from_user(&lineinfo, ip, sizeof(lineinfo)))
return -EFAULT;
if (copy_from_user(&lineinfo, ip, sizeof(lineinfo)))
return -EFAULT;
- if (lineinfo.line_offset > gdev->ngpio)
+ if (lineinfo.line_offset >
=
gdev->ngpio)
return -EINVAL;
desc = &gdev->descs[lineinfo.line_offset];
return -EINVAL;
desc = &gdev->descs[lineinfo.line_offset];