diff options
| author | hunt <hunt> | 2007-09-20 17:03:45 +0000 |
|---|---|---|
| committer | hunt <hunt> | 2007-09-20 17:03:45 +0000 |
| commit | 442b4b6f385258cf2b3d4687da46731bf62b2dad (patch) | |
| tree | c4627bcca4f786d253e34298074062e610d639d4 /runtime/transport/control.c | |
| parent | 58682eb3e856151c2132f68e5750504c2a85cc5a (diff) | |
| download | systemtap-steved-442b4b6f385258cf2b3d4687da46731bf62b2dad.tar.gz systemtap-steved-442b4b6f385258cf2b3d4687da46731bf62b2dad.tar.xz systemtap-steved-442b4b6f385258cf2b3d4687da46731bf62b2dad.zip | |
2007-09-20 Martin Hunt <hunt@redhat.com>
* transport.h: Increase default buffer size.
* control.c (_stp_ctl_read_cmd): Check buffer size.
Diffstat (limited to 'runtime/transport/control.c')
| -rw-r--r-- | runtime/transport/control.c | 5 |
1 files changed, 2 insertions, 3 deletions
diff --git a/runtime/transport/control.c b/runtime/transport/control.c index 5242af49..6df9a8af 100644 --- a/runtime/transport/control.c +++ b/runtime/transport/control.c @@ -195,8 +195,6 @@ _stp_ctl_read_cmd (struct file *file, char __user *buf, size_t count, loff_t *pp int len; unsigned long flags; - /* FIXME FIXME FIXME. assuming count is large enough to hold buffer!! */ - /* wait for nonempty ready queue */ spin_lock_irqsave(&_stp_ready_lock, flags); while (list_empty(&_stp_ready_q)) { @@ -215,11 +213,12 @@ _stp_ctl_read_cmd (struct file *file, char __user *buf, size_t count, loff_t *pp /* write it out */ len = bptr->len + 4; - if (copy_to_user(buf, &bptr->type, len)) { + if (len > count || copy_to_user(buf, &bptr->type, len)) { /* now what? We took it off the queue then failed to send it */ /* we can't put it back on the queue because it will likely be out-of-order */ /* fortunately this should never happen */ /* FIXME need to mark this as a transport failure */ + errk("Supplied buffer too small. count:%d len:%d\n", count, len); return -EFAULT; } |