PATCH: fix radio-cadet build

PATCH: fix radio-cadet build

Post by Alan Co » Wed, 09 Apr 2003 02:50:20



diff -u --new-file --recursive --exclude-from /usr/src/exclude linux-2.5.67/drivers/media/radio/radio-cadet.c linux-2.5.67-ac1/drivers/media/radio/radio-cadet.c
--- linux-2.5.67/drivers/media/radio/radio-cadet.c      2003-04-08 00:37:36.000000000 +0100

        {.id = ""}
 };

-MODULE_DEVICE_TABLE(pnp, id_table);
+MODULE_DEVICE_TABLE(pnp, cadet_pnp_devices);

 static int cadet_pnp_probe(struct pnp_dev * dev, const struct pnp_device_id *dev_id)
 {
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in

More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

 
 
 

1. [PATCH] radio-cadet.c bad copy_to_user

The Stanford checker said:
---------------------------------------------------------
[BUG] pass kernel pointer into copy_*_user. bug is in VIDIOCGTUNER.  
Should
not call copy_to_user on arg since arg is already in kernel space.

/home/junfeng/linux-2.5.63/drivers/media/radio/radio-
cadet.c:397:cadet_do_ioctl:
ERROR:TAINTED:397:397: dereferencing tainted ptr 'v' [Callstack: ]

        {
                case VIDIOCGCAP:
                {
                        struct video_capability *v = arg;
                        memset(v,0,sizeof(*v));

Error --->
                        v->type=VID_TYPE_TUNER;
                        v->channels=2;
                        v->audios=1;
                        strcpy(v->name, "ADS Cadet");
---------------------------------------------------------

As pointed out, 'v' is not tainted. The driver shouldn't be using  
copy_to_user() in cadet_do_ioctl() at all: cadet_do_ioctl() is being  
called by drivers/media/video/videodev.c:video_usercopy(), which has  
already copied the buffer 'arg' (aka 'v') into kernel space, and will  
copy it back after cadet_do_ioctl() returns. So all the direct 'v'  
accesses are correct.

--
Hollis Blanchard
IBM Linux Technology Center

  cadetradio-badcopy.txt
< 1K Download

2. TCP or UDP for NFS?

3. ADS Cadet Radio Card

4. Anyone know what the SCSI controller in an IBM Thinkpad is????

5. pnp - Convert Radio Cadet Driver (8/13)

6. Can I use a NEC 610+ printer?

7. pnp - Convert Radio Cadet Driver (9/12) 2.5.59-bk3

8. Is Lotus 123 available for Linux?

9. miro radio build fix

10. PATCH: cadet needless globals

11. PATCH: fix ALi 32bitisms, fix ALi FIFO, fix ALi IRQ crash

12. PATCH: fix orinoco build

13. PATCH: fix fd_mcs build for scsi changes, mca compt