beceem: don't overrun user buffer on read

Serious bug in original code, if app reads 10 bytes but 20 byte msg received memory would get overwritten. Signed-off-by: Stephen Hemminger <shemminger@vyatta.com>
2010-11-01 13:59:01 -04:00 · 2010-11-01 13:59:01 -04:00 · 9c5d77009d
parent 5cf084f44a
commit 9c5d77009d
1 changed files with 1 additions and 1 deletions
--- a/drivers/staging/bcm/Bcmchar.c
+++ b/drivers/staging/bcm/Bcmchar.c
@ -139,7 +139,7 @@ static ssize_t bcm_char_read(struct file *filp, char __user *buf, size_t size, l
 	if(Packet)
 	{
 		PktLen = Packet->len;
-		if(copy_to_user(buf, Packet->data, PktLen))
+		if(copy_to_user(buf, Packet->data, min_t(size_t, PktLen, size)))
 		{
 			dev_kfree_skb(Packet);
 			BCM_DEBUG_PRINT(Adapter,DBG_TYPE_PRINTK, 0, 0, "\nReturning from copy to user failure \n");