firewire: cdev: extend transaction payload size check
authorStefan Richter <stefanr@s5r6.in-berlin.de>
Sun, 4 Jan 2009 15:23:29 +0000 (16:23 +0100)
committerStefan Richter <stefanr@s5r6.in-berlin.de>
Tue, 24 Mar 2009 19:56:45 +0000 (20:56 +0100)
Make the size check of ioctl_send_request and
ioctl_send_broadcast_request speed dependent.  Also change the error
return code from -EINVAL to -EIO to distinguish this from other errors
concerning the ioctl parameters.

Another payload size limit for which we don't check here though is the
remote node's Bus_Info_Block.max_rec.

Signed-off-by: Stefan Richter <stefanr@s5r6.in-berlin.de>
drivers/firewire/fw-cdev.c

index d48fa1c23a7703bf0460b2461fd598027258ddd7..6b33f15584cb16906b14c4402f58588cef55aaf8 100644 (file)
@@ -525,9 +525,8 @@ static int init_request(struct client *client,
        struct outbound_transaction_event *e;
        int ret;
 
-       /* What is the biggest size we'll accept, really? */
-       if (request->length > 4096)
-               return -EINVAL;
+       if (request->length > 4096 || request->length > 512 << speed)
+               return -EIO;
 
        e = kmalloc(sizeof(*e) + request->length, GFP_KERNEL);
        if (e == NULL)