From: "Randy.Dunlap" <rddunlap@osdl.org>, Daniele Bellucci <bellucda@tiscali.it>

This patch audit some copy_from/to_user in SysKonnect FDDI device driver.



 25-akpm/drivers/net/skfp/skfddi.c |    8 ++++++--
 1 files changed, 6 insertions(+), 2 deletions(-)

diff -puN drivers/net/skfp/skfddi.c~skfddi-copy_user-checks drivers/net/skfp/skfddi.c
--- 25/drivers/net/skfp/skfddi.c~skfddi-copy_user-checks	Thu Sep  4 11:26:12 2003
+++ 25-akpm/drivers/net/skfp/skfddi.c	Thu Sep  4 11:26:12 2003
@@ -56,6 +56,8 @@
  *		12-Nov-99	CG	Source code release
  *		22-Nov-99	CG	Included in kernel source.
  *		07-May-00	DM	64 bit fixes, new dma interface
+ *		31-Jul-03	DB	Audit copy_*_user in skfp_ioctl
+ *					  Daniele Bellucci <bellucda@tiscali.it>
  *
  * Compilation options (-Dxxx):
  *              DRIVERDEBUG     print lots of messages to log file
@@ -1266,11 +1268,13 @@ static int skfp_ioctl(struct net_device 
 	struct s_skfp_ioctl ioc;
 	int status = 0;
 
-	copy_from_user(&ioc, rq->ifr_data, sizeof(struct s_skfp_ioctl));
+	if (copy_from_user(&ioc, rq->ifr_data, sizeof(struct s_skfp_ioctl)))
+		return -EFAULT;
 	switch (ioc.cmd) {
 	case SKFP_GET_STATS:	/* Get the driver statistics */
 		ioc.len = sizeof(lp->MacStat);
-		copy_to_user(ioc.data, skfp_ctl_get_stats(dev), ioc.len);
+		status = copy_to_user(ioc.data, skfp_ctl_get_stats(dev), ioc.len)
+				? -EFAULT : 0;
 		break;
 	case SKFP_CLR_STATS:	/* Zero out the driver statistics */
 		if (!capable(CAP_NET_ADMIN)) {

_