drivers/net/tulip/de4x5.c: fix union member name in DE4X5_GET_REG ioctl

This was previously reported as a security issue due to leakage of
uninitialized stack memory.  Jeff Mahoney pointed out that this is
incorrect since the copied data is from a union (rather than a struct).
Therefore, this patch is only under consideration for the sake of
correctness, and is not security relevant.

Signed-off-by: Dan Rosenberg <dan.j.rosenberg@gmail.com>
Acked-by: Grant Grundler <grundler@parisc-linux.org>
Signed-off-by: David S. Miller <davem@davemloft.net>

diff --git a/drivers/net/tulip/de4x5.c b/drivers/net/tulip/de4x5.c
index 4f75030634467100bbdebd1fcd2858312849844f..1d9fef74b39b7cec146f2f3a2872f983cf73718c 100644 (file)
--- a/drivers/net/tulip/de4x5.c
+++ b/drivers/net/tulip/de4x5.c
@@ -5474,7 +5474,7 @@ de4x5_ioctl(struct net_device *dev, struct ifreq *rq, int cmd)
        tmp.lval[6] = inl(DE4X5_STRR); j+=4;
        tmp.lval[7] = inl(DE4X5_SIGR); j+=4;
        ioc->len = j;
-       if (copy_to_user(ioc->data, tmp.addr, ioc->len)) return -EFAULT;
+       if (copy_to_user(ioc->data, tmp.lval, ioc->len)) return -EFAULT;
        break;
 
 #define DE4X5_DUMP              0x0f /* Dump the DE4X5 Status */