USB: usbtmc: inhibit corruption
Limit data copied to userspace to amount requested. Prevents a faulty instrument from overwriting user memory. Signed-off-by: Steve Holland <sdh4@iastate.edu> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
This commit is contained in:
parent
c2cd26e15b
commit
92d07e422d
1 changed files with 4 additions and 0 deletions
|
@ -473,6 +473,10 @@ static ssize_t usbtmc_read(struct file *filp, char __user *buf,
|
|||
n_characters = this_part;
|
||||
}
|
||||
|
||||
/* Bound amount of data received by amount of data requested */
|
||||
if (n_characters > this_part)
|
||||
n_characters = this_part;
|
||||
|
||||
/* Copy buffer to user space */
|
||||
if (copy_to_user(buf + done, &buffer[12], n_characters)) {
|
||||
/* There must have been an addressing problem */
|
||||
|
|
Loading…
Reference in a new issue