From: Lars-Peter Clausen Date: Wed, 26 Oct 2011 16:27:43 +0000 (+0100) Subject: staging:iio:events: Make sure userspace buffer is large enough X-Git-Tag: firefly_0821_release~3680^2~3804^2~101^2~335 X-Git-Url: http://demsky.eecs.uci.edu/git/?a=commitdiff_plain;h=dc8f52643d494eaa844002ca866d30fda142db4f;p=firefly-linux-kernel-4.4.55.git staging:iio:events: Make sure userspace buffer is large enough Make sure that the userspace buffer is large enough to hold a iio_event_data struct before writing to it. Signed-off-by: Lars-Peter Clausen Signed-off-by: Jonathan Cameron Signed-off-by: Greg Kroah-Hartman --- diff --git a/drivers/staging/iio/industrialio-core.c b/drivers/staging/iio/industrialio-core.c index fbf24bdc56d9..ee5e0640aa29 100644 --- a/drivers/staging/iio/industrialio-core.c +++ b/drivers/staging/iio/industrialio-core.c @@ -169,8 +169,11 @@ static ssize_t iio_event_chrdev_read(struct file *filep, { struct iio_event_interface *ev_int = filep->private_data; struct iio_detected_event_list *el; + size_t len = sizeof(el->ev); int ret; - size_t len; + + if (count < len) + return -EINVAL; mutex_lock(&ev_int->event_list_lock); if (list_empty(&ev_int->det_events)) { @@ -192,7 +195,6 @@ static ssize_t iio_event_chrdev_read(struct file *filep, el = list_first_entry(&ev_int->det_events, struct iio_detected_event_list, list); - len = sizeof el->ev; if (copy_to_user(buf, &(el->ev), len)) { ret = -EFAULT; goto error_mutex_unlock;
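Review bot: in the first hunk (@@ -169,8 +169,11 @@), the new `if (count < len) return -EINVAL;` changes what userspace sees when it passes a short read buffer, and nothing in the hunk documents that. A comment above the check saying that a read must supply room for at least one whole event would help, since the `copy_to_user()` in the second hunk writes `len` bytes without looking at `count`. Separately, `size_t len = sizeof(el->ev);` is taken while `el` is still unassigned. That is valid C because sizeof does not evaluate its operand, but it reads like a use of an uninitialised pointer; if `ev` is the iio_event_data struct the commit message refers to, `sizeof(struct iio_event_data)` would state the intent directly.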
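Review bot: in the second hunk (@@ -192,7 +195,6 @@), with `len = sizeof el->ev;` removed, the size passed to `copy_to_user(buf, &(el->ev), len)` is now set at the top of the function, so the bound that protects this copy is no longer visible at the call site. Consider declaring `len` as `const size_t` so nothing between the `count < len` check and the copy can change it, or add a one-line comment here pointing back at that check.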