From cc991ff936e519c21f6d82dc9030caf1340416e4 Mon Sep 17 00:00:00 2001
From: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date: Thu, 17 Jun 2010 21:29:51 +0200
Subject: Several fixes related to checks with copy_from/to_user.

---
 examples/new.c    | 5 +----
 ncr-data.c        | 9 ++++++++-
 ncr-key-storage.c | 1 +
 ncr-sessions.c    | 1 +
 4 files changed, 11 insertions(+), 5 deletions(-)

diff --git a/examples/new.c b/examples/new.c
index 72f1517..3cfc206 100644
--- a/examples/new.c
+++ b/examples/new.c
@@ -673,10 +673,6 @@ test_ncr_store_wrap_key(int cfd)
 	}
 
 	/* now export the unwrapped */
-	/* this cannot be performed like that, because unwrap
-	 * always sets keys as unexportable. Maybe we can implement
-	 * a data comparison ioctl().
-	 */
 	memset(&keydata, 0, sizeof(keydata));
 	keydata.key = key2;
 	keydata.data = dd;
@@ -687,6 +683,7 @@ test_ncr_store_wrap_key(int cfd)
 		return 1;
 	}
 
+	kdata.data = data;
 	if (ioctl(cfd, NCRIO_DATA_GET, &kdata)) {
 		fprintf(stderr, "Error: %s:%d\n", __func__, __LINE__);
 		perror("ioctl(NCRIO_DATA_GET)");
diff --git a/ncr-data.c b/ncr-data.c
index 27aadd5..514763d 100644
--- a/ncr-data.c
+++ b/ncr-data.c
@@ -220,9 +220,16 @@ int ncr_data_get(struct list_sem_st* lst, void __user* arg)
 	get.data_size = len;
 	
 	ret = copy_to_user(arg, &get, sizeof(get));
+	if (unlikely(ret)) {
+		err();
+	}
 
-	if (ret == 0 && len > 0)
+	if (ret == 0 && len > 0) {
 		ret = copy_to_user(get.data, data->data, len);
+		if (unlikely(ret)) {
+			err();
+		}
+	}
 
 cleanup:
 	_ncr_data_item_put( data);
diff --git a/ncr-key-storage.c b/ncr-key-storage.c
index 5cdb9c6..a7b995d 100644
--- a/ncr-key-storage.c
+++ b/ncr-key-storage.c
@@ -88,6 +88,7 @@ int key_from_storage_data(struct key_item_st* key, const void* data, size_t data
 
 	key->type = pkey->type;
 	key->flags = pkey->flags;
+
 	key->algorithm = pkey->algorithm;
 	key->key_id_size = pkey->key_id_size;
 	memcpy(key->key_id, pkey->key_id, pkey->key_id_size);
diff --git a/ncr-sessions.c b/ncr-sessions.c
index 7ae96c0..69c0276 100644
--- a/ncr-sessions.c
+++ b/ncr-sessions.c
@@ -558,6 +558,7 @@ int ncr_session_once(struct ncr_lists* lists, void __user* arg)
 		err();
 		return ret;
 	}
+	kop.op.ses = kop.init.ses;
 
 	ret = _ncr_session_final(lists, &kop.op);
 	if (ret < 0) {
-- 
cgit