USB: usbtmc: inhibit corruption

Limit data copied to userspace to amount requested. Prevents a faulty instrument from overwriting user memory. Signed-off-by: Steve Holland <sdh4@iastate.edu> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>

USB: usbtmc: inhibit corruption
Limit data copied to userspace to amount requested. Prevents a faulty instrument from overwriting user memory. Signed-off-by: Steve Holland <sdh4@iastate.edu> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
92d07e42 · Steve Holland · Greg Kroah-Hartman · c2cd26e1 · 92d07e42
Commit 92d07e42 authored Jun 18, 2009 by Steve Holland Committed by Greg Kroah-Hartman Sep 23, 2009
Hide whitespace changes
Inline Side-by-side

Showing with 4 additions and 0 deletions

drivers/usb/class/usbtmc.c drivers/usb/class/usbtmc.c +4 -0

No files found.
--- a/drivers/usb/class/usbtmc.c
+++ b/drivers/usb/class/usbtmc.c
@@ -473,6 +473,10 @@ static ssize_t usbtmc_read(struct file *filp, char __user *buf,
 			n_characters = this_part;
 		}

+		/* Bound amount of data received by amount of data requested */
+		if (n_characters > this_part)
+			n_characters = this_part;
+
 		/* Copy buffer to user space */
 		if (copy_to_user(buf + done, &buffer[12], n_characters)) {
 			/* There must have been an addressing problem */