summaryrefslogtreecommitdiff
path: root/drivers/isdn/sc/ioctl.c
AgeCommit message (Collapse)AuthorFilesLines
2010-08-06isdn: fix information leakDan Carpenter1-5/+5
The main motivation of this patch changing strcpy() to strlcpy(). We strcpy() to copy a 48 byte buffers into a 49 byte buffers. So at best the last byte has leaked information, or maybe there is an overflow? Anyway, this patch closes the information leaks by zeroing the memory and the calls to strlcpy() prevent overflows. Signed-off-by: Dan Carpenter <error27@gmail.com> Signed-off-by: David S. Miller <davem@davemloft.net>
2010-05-31drivers/isdn: Use memdup_userJulia Lawall1-17/+6
Use memdup_user when user data is immediately copied into the allocated region. The semantic patch that makes this change is as follows: (http://coccinelle.lip6.fr/) // <smpl> @@ expression from,to,size,flag; position p; identifier l1,l2; @@ - to = \(kmalloc@p\|kzalloc@p\)(size,flag); + to = memdup_user(from,size); if ( - to==NULL + IS_ERR(to) || ...) { <+... when != goto l1; - -ENOMEM + PTR_ERR(to) ...+> } - if (copy_from_user(to, from, size) != 0) { - <+... when != goto l2; - -EFAULT - ...+> - } // </smpl> Signed-off-by: Julia Lawall <julia@diku.dk> Signed-off-by: David S. Miller <davem@davemloft.net>
2008-06-13drivers/isdn/sc/ioctl.c: add missing kfreeJulia Lawall1-0/+1
spid has been allocated in this function and so should be freed before leaving it, as in the other error handling cases. The semantic match that finds the problem is as follows: (http://www.emn.fr/x-info/coccinelle/) @r exists@ expression E,E1; statement S; position p1,p2,p3; @@ E =@p1 \(kmalloc\|kcalloc\|kzalloc\)(...) ... when != E = E1 if (E == NULL || ...) S ... when != E = E1 if@p2 (...) { ... when != kfree(E) } ... when != E = E1 kfree@p3(E); @forall@ position r.p2; expression r.E; int E1 != 0; @@ * if@p2 (...) { ... when != kfree(E) when strict return E1; } Signed-off-by: Julia Lawall <julia@diku.dk> Cc: Karsten Keil <kkeil@suse.de> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2007-02-12[PATCH] drivers/isdn/sc/: proper prototypesAdrian Bunk1-10/+0
Add proper prototypes in a header file for global code under drivers/isdn/sc/. Since the GNU C compiler is now able do tell us that caller and callee disagreed about the number of arguments of setup_buffers(), this patch also fixes this bug. Signed-off-by: Adrian Bunk <bunk@stusta.de> Cc: Karsten Keil <kkeil@suse.de> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2006-06-23[PATCH] i4l: memory leak fix for sc_ioctl().Jesper Juhl1-0/+1
Fix leak of `rcvmsg' in sc_ioctl(). There are two returns in the switch in sc_ioctl (the SCIOCSTART case) that may leak `rcvmsg'. This patch fixes that by adding a kfree() call at the beginning of that case. Bug found by the coverity checker as #1098 Eric Sesterhenn send me a patch to fix the leak(s) by adding 2 kfree() calls before the returns, I changed that into just a single call at the beginning. Signed-off-by: Jesper Juhl <jesper.juhl@gmail.com> Cc: Karsten Keil <kkeil@suse.de> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
2006-04-01[PATCH] ISDN: fix a few memory leaks in sc_ioctl()Jesper Juhl1-4/+5
Fix a few memory leaks in drivers/isdn/sc/ioctl.c::sc_ioctl() Signed-off-by: Jesper Juhl <jesper.juhl@gmail.com> Acked-by: Karsten Keil <kkeil@suse.de> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
2006-02-03[PATCH] drivers/isdn/sc/ioctl.c: copy_from_user() size fixDomen Puncer1-2/+2
A few lines above the patch we have: char *srec; srec = kmalloc(SCIOC_SRECSIZE, GFP_KERNEL); sizeof pointer is probably not meant here. Signed-off-by: Domen Puncer <domen@coderock.org> Signed-off-by: Alexey Dobriyan <adobriyan@gmail.com> Cc: Karsten Keil <kkeil@suse.de> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
2005-06-26[PATCH] drivers/isdn/sc/: possible cleanupsAdrian Bunk1-3/+2
This patch contains the following possible cleanips: - make some needlessly global code static - remove the compiled but completely unused debug.c - remove or #if 0 the following unused global functions: - command.c: loopback - command.c: loadproc - init.c: irq_supported - packet.c: print_skb - shmem.c: memset_shmem - timer.c: trace_timer Signed-off-by: Adrian Bunk <bunk@stusta.de> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
2005-04-17Linux-2.6.12-rc2Linus Torvalds1-0/+601
Initial git repository build. I'm not bothering with the full history, even though we have it. We can create a separate "historical" git archive of that later if we want to, and in the meantime it's about 3.2GB when imported into git - space that would just make the early git days unnecessarily complicated, when we don't have a lot of good infrastructure for it. Let it rip!