s390/keyboard: use memdup_user_nul()

author Muhammad Falak R Wani <falakreyaz@gmail.com>

Fri, 20 May 2016 13:21:20 +0000 (18:51 +0530)

committer Martin Schwidefsky <schwidefsky@de.ibm.com>

Mon, 13 Jun 2016 13:58:12 +0000 (15:58 +0200)
author Muhammad Falak R Wani <falakreyaz@gmail.com>
Fri, 20 May 2016 13:21:20 +0000 (18:51 +0530)
committer Martin Schwidefsky <schwidefsky@de.ibm.com>
Mon, 13 Jun 2016 13:58:12 +0000 (15:58 +0200)
diff --git a/drivers/s390/char/keyboard.c b/drivers/s390/char/keyboard.c

index ef04a9f7a70494bea94032b7b4eb896eb11553a7..7b9c50aa4cc922973cb2cd758244f264b81849d1 100644 (file)
--- a/drivers/s390/char/keyboard.c
+++ b/drivers/s390/char/keyboard.c
@@ -438,18 +438,9 @@ do_kdgkb_ioctl(struct kbd_data *kbd, struct kbsentry __user *u_kbs,
                         return -EFAULT;
                 if (len > sizeof(u_kbs->kb_string))
                         return -EINVAL;
-               p = kmalloc(len, GFP_KERNEL);
-               if (!p)
-                       return -ENOMEM;
-               if (copy_from_user(p, u_kbs->kb_string, len)) {
-                       kfree(p);
-                       return -EFAULT;
-               }
-               /*
-                * Make sure the string is terminated by 0. User could have
-                * modified it between us running strnlen_user() and copying it.
-                */
-               p[len - 1] = 0;
+               p = memdup_user_nul(u_kbs->kb_string, len);
+               if (IS_ERR(p))
+                       return PTR_ERR(p);
                 kfree(kbd->func_table[kb_func]);
                 kbd->func_table[kb_func] = p;
                 break;
author	Muhammad Falak R Wani <falakreyaz@gmail.com>
	Fri, 20 May 2016 13:21:20 +0000 (18:51 +0530)
committer	Martin Schwidefsky <schwidefsky@de.ibm.com>
	Mon, 13 Jun 2016 13:58:12 +0000 (15:58 +0200)