sgi-gru: decrapfiy options_write() function
authorLinus Torvalds <torvalds@linux-foundation.org>
Thu, 5 Nov 2009 18:48:30 +0000 (10:48 -0800)
committerLinus Torvalds <torvalds@linux-foundation.org>
Thu, 5 Nov 2009 18:48:30 +0000 (10:48 -0800)
Not a single line of actual code in the function was really
fundamentally correct.

Problems ranged from lack of proper range checking, to removing the last
character written (which admittedly is usually '\n'), to not accepting
hex numbers even though the 'show' routine would show the data in that
format.

This tries to do better.

Acked-by: Michael Buesch <mb@bu3sch.de>
Tested-and-acked-by: Jack Steiner <steiner@sgi.com>
Cc: stable@kernel.org
Cc: Jiri Kosina <jkosina@suse.cz>
Cc: Michael Gilbert <michael.s.gilbert@gmail.com>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
drivers/misc/sgi-gru/gruprocfs.c

index ccd4408a26c73efe3efa11753ac64dbed0a55936..3f2375c5ba5bd3a98ef37f6e628474d507188197 100644 (file)
@@ -161,14 +161,15 @@ static int options_show(struct seq_file *s, void *p)
 static ssize_t options_write(struct file *file, const char __user *userbuf,
                             size_t count, loff_t *data)
 {
-       unsigned long val;
-       char buf[80];
+       char buf[20];
 
-       if (strncpy_from_user(buf, userbuf, sizeof(buf) - 1) < 0)
+       if (count >= sizeof(buf))
+               return -EINVAL;
+       if (copy_from_user(buf, userbuf, count))
                return -EFAULT;
-       buf[count - 1] = '\0';
-       if (!strict_strtoul(buf, 10, &val))
-               gru_options = val;
+       buf[count] = '\0';
+       if (strict_strtoul(buf, 0, &gru_options))
+               return -EINVAL;
 
        return count;
 }