[Asterisk-cvs] zaptel zaptel.c,1.120,1.121
kpfleming
kpfleming
Wed Sep 28 23:06:56 CDT 2005
Update of /usr/cvsroot/zaptel
In directory mongoose.digium.com:/tmp/cvs-serv9307
Modified Files:
zaptel.c
Log Message:
check results of copy_from/to_user (issue #5316)
Index: zaptel.c
===================================================================
RCS file: /usr/cvsroot/zaptel/zaptel.c,v
retrieving revision 1.120
retrieving revision 1.121
diff -u -d -r1.120 -r1.121
--- zaptel.c 29 Sep 2005 02:29:16 -0000 1.120
+++ zaptel.c 29 Sep 2005 03:03:33 -0000 1.121
@@ -1758,7 +1758,8 @@
}
chan->writen[chan->inwritebuf] = amnt >> 1;
} else {
- copy_from_user(chan->writebuf[chan->inwritebuf], usrbuf, amnt);
+ if (copy_from_user(chan->writebuf[chan->inwritebuf], usrbuf, amnt))
+ return -EFAULT;
chan->writen[chan->inwritebuf] = amnt;
}
chan->writeidx[chan->inwritebuf] = 0;
@@ -2405,7 +2406,8 @@
memset(samples, 0, sizeof(samples));
/* XXX Unnecessary XXX */
memset(next, 0, sizeof(next));
- copy_from_user(&th, (struct zt_tone_def_header *)data, sizeof(th));
+ if (copy_from_user(&th, (struct zt_tone_def_header *)data, sizeof(th)))
+ return -EFAULT;
if ((th.count < 0) || (th.count > MAX_TONES)) {
printk("Too many tones included\n");
return -EINVAL;
@@ -2436,7 +2438,7 @@
}
if (copy_from_user(&td, (struct zt_tone_def *)data, sizeof(struct zt_tone_def))) {
kfree(slab);
- return -EIO;
+ return -EFAULT;
}
/* Index the current sample */
samples[x] = t = (struct zt_tone *)ptr;
@@ -2758,7 +2760,8 @@
switch(cmd) {
case ZT_GET_PARAMS: /* get channel timing parameters */
- copy_from_user(&stack.param,(struct zt_params *)data,sizeof(stack.param));
+ if (copy_from_user(&stack.param,(struct zt_params *)data,sizeof(stack.param)))
+ return -EFAULT;
/* check to see if the caller wants to receive our master channel number */
if (stack.param.channo & ZT_GET_PARAMS_RETURN_MASTER) {
@@ -2830,10 +2833,12 @@
stack.param.curlaw = ZT_LAW_ALAW;
else
stack.param.curlaw = ZT_LAW_MULAW;
- copy_to_user((struct zt_params *)data,&stack.param,sizeof(stack.param));
+ if (copy_to_user((struct zt_params *)data,&stack.param,sizeof(stack.param)))
+ return -EFAULT;
break;
case ZT_SET_PARAMS: /* set channel timing stack.paramters */
- copy_from_user(&stack.param,(struct zt_params *)data,sizeof(stack.param));
+ if (copy_from_user(&stack.param,(struct zt_params *)data,sizeof(stack.param)))
+ return -EFAULT;
/* Pick the right channo's */
if (!stack.param.channo || unit) {
stack.param.channo = unit;
@@ -2861,7 +2866,7 @@
break;
case ZT_GETGAINS: /* get gain stuff */
if (copy_from_user(&stack.gain,(struct zt_gains *) data,sizeof(stack.gain)))
- return -EIO;
+ return -EFAULT;
i = stack.gain.chan; /* get channel no */
/* if zero, use current channel no */
if (!i) i = unit;
@@ -2875,11 +2880,11 @@
stack.gain.rxgain[j] = chans[i]->rxgain[j];
}
if (copy_to_user((struct zt_gains *) data,&stack.gain,sizeof(stack.gain)))
- return -EIO;
+ return -EFAULT;
break;
case ZT_SETGAINS: /* set gain stuff */
if (copy_from_user(&stack.gain,(struct zt_gains *) data,sizeof(stack.gain)))
- return -EIO;
+ return -EFAULT;
i = stack.gain.chan; /* get channel no */
/* if zero, use current channel no */
if (!i) i = unit;
@@ -2912,10 +2917,11 @@
chans[i]->gainalloc = 0;
}
if (copy_to_user((struct zt_gains *) data,&stack.gain,sizeof(stack.gain)))
- return -EIO;
+ return -EFAULT;
break;
case ZT_SPANSTAT:
- copy_from_user(&stack.span,(struct zt_spaninfo *) data,sizeof(stack.span));
+ if (copy_from_user(&stack.span,(struct zt_spaninfo *) data,sizeof(stack.span)))
+ return -EFAULT;
i = stack.span.spanno; /* get specified span number */
if ((i < 0) || (i >= maxspans)) return(-EINVAL); /* if bad span no */
if (i == 0) /* if to figure it out for this chan */
@@ -2945,7 +2951,8 @@
for (j=0; j < spans[i]->channels; j++)
if (spans[i]->chans[j].sig)
stack.span.numchans++;
- copy_to_user((struct zt_spaninfo *) data,&stack.span,sizeof(stack.span));
+ if (copy_to_user((struct zt_spaninfo *) data,&stack.span,sizeof(stack.span)))
+ return -EFAULT;
break;
#ifdef ALLOW_CHAN_DIAG
case ZT_CHANDIAG:
@@ -3333,7 +3340,7 @@
return 0;
case ZT_SET_DIALPARAMS:
if (copy_from_user(&tdp, (struct zt_dialparams *)data, sizeof(tdp)))
- return -EIO;
+ return -EFAULT;
if ((tdp.dtmf_tonelen > 4000) || (tdp.dtmf_tonelen < 10))
return -EINVAL;
if ((tdp.mfv1_tonelen > 4000) || (tdp.mfv1_tonelen < 10))
@@ -3355,12 +3362,12 @@
tdp.reserved[2] = 0;
tdp.reserved[3] = 0;
if (copy_to_user((struct zt_dialparams *)data, &tdp, sizeof(tdp)))
- return -EIO;
+ return -EFAULT;
break;
case ZT_MAINT: /* do maintence stuff */
/* get struct from user */
- if (copy_from_user(&maint,(struct zt_maintinfo *) data,
- sizeof(maint))) return -EIO;
+ if (copy_from_user(&maint,(struct zt_maintinfo *) data, sizeof(maint)))
+ return -EFAULT;
/* must be valid span number */
if ((maint.spanno < 1) || (maint.spanno > ZT_MAX_SPANS) || (!spans[maint.spanno]))
return -EINVAL;
@@ -3435,11 +3442,11 @@
j = chan->dialing;
spin_unlock_irqrestore(&chan->lock, flags);
if (copy_to_user((int *)data,&j,sizeof(int)))
- return -EIO;
+ return -EFAULT;
return 0;
case ZT_DIAL:
if (copy_from_user(&stack.tdo, (struct zt_dialoperation *)data, sizeof(stack.tdo)))
- return -EIO;
+ return -EFAULT;
rv = 0;
/* Force proper NULL termination */
stack.tdo.dialstr[ZT_MAX_DTMF_BUF - 1] = '\0';
@@ -3484,11 +3491,11 @@
stack.bi.readbufs = -1;
stack.bi.writebufs = -1;
if (copy_to_user((struct zt_bufferinfo *)data, &stack.bi, sizeof(stack.bi)))
- return -EIO;
+ return -EFAULT;
break;
case ZT_SET_BUFINFO:
if (copy_from_user(&stack.bi, (struct zt_bufferinfo *)data, sizeof(stack.bi)))
- return -EIO;
+ return -EFAULT;
if (stack.bi.bufsize > ZT_MAX_BLOCKSIZE)
return -EINVAL;
if (stack.bi.bufsize < 16)
@@ -3667,7 +3674,8 @@
spin_unlock_irqrestore(&chan->lock, flags);
return rv;
case ZT_GETCONF: /* get conf stuff */
- copy_from_user(&stack.conf,(struct zt_confinfo *) data,sizeof(stack.conf));
+ if (copy_from_user(&stack.conf,(struct zt_confinfo *) data,sizeof(stack.conf)))
+ return -EFAULT;
i = stack.conf.chan; /* get channel no */
/* if zero, use current channel no */
if (!i) i = chan->channo;
@@ -3677,10 +3685,12 @@
stack.conf.chan = i; /* get channel number */
stack.conf.confno = chans[i]->confna; /* get conference number */
stack.conf.confmode = chans[i]->confmode; /* get conference mode */
- copy_to_user((struct zt_confinfo *) data,&stack.conf,sizeof(stack.conf));
+ if (copy_to_user((struct zt_confinfo *) data,&stack.conf,sizeof(stack.conf)))
+ return -EFAULT;
break;
case ZT_SETCONF: /* set conf stuff */
- copy_from_user(&stack.conf,(struct zt_confinfo *) data,sizeof(stack.conf));
+ if (copy_from_user(&stack.conf,(struct zt_confinfo *) data,sizeof(stack.conf)))
+ return -EFAULT;
i = stack.conf.chan; /* get channel no */
/* if zero, use current channel no */
if (!i) i = chan->channo;
@@ -3739,11 +3749,13 @@
}
spin_unlock_irqrestore(&chan->lock, flags);
spin_unlock_irqrestore(&bigzaplock, flagso);
- copy_to_user((struct zt_confinfo *) data,&stack.conf,sizeof(stack.conf));
+ if (copy_to_user((struct zt_confinfo *) data,&stack.conf,sizeof(stack.conf)))
+ return -EFAULT;
break;
case ZT_CONFLINK: /* do conf link stuff */
if (!(chan->flags & ZT_FLAG_AUDIO)) return (-EINVAL);
- copy_from_user(&stack.conf,(struct zt_confinfo *) data,sizeof(stack.conf));
+ if (copy_from_user(&stack.conf,(struct zt_confinfo *) data,sizeof(stack.conf)))
+ return -EFAULT;
/* check sanity of arguments */
if ((stack.conf.chan < 0) || (stack.conf.chan > ZT_MAX_CONF)) return(-EINVAL);
if ((stack.conf.confno < 0) || (stack.conf.confno > ZT_MAX_CONF)) return(-EINVAL);
@@ -3868,7 +3880,7 @@
if (data) {
/* Use specific ring cadence */
if (copy_from_user(&stack.cad, (struct zt_ring_cadence *)data, sizeof(stack.cad)))
- return -EIO;
+ return -EFAULT;
memcpy(chan->ringcadence, &stack.cad, sizeof(chan->ringcadence));
chan->firstcadencepos = 0;
/* Looking for negative ringing time indicating where to loop back into ringcadence */
More information about the svn-commits
mailing list