firewire: cdev: extend transaction payload size check Make the size check of ioctl_send_request and ioctl_send_broadcast_request speed dependent. Also change the error return code from -EINVAL to -EIO to distinguish this from other errors concerning the ioctl parameters. Another payload size limit for which we don't check here though is the remote node's Bus_Info_Block.max_rec. Signed-off-by: Stefan Richter <stefanr@s5r6.in-berlin.de>

commit: 5d3fd692a7196a9045fb606f891f5987959b65a0 [log] [tgz]
author: Stefan Richter <stefanr@s5r6.in-berlin.de> Sun Jan 04 16:23:29 2009 +0100
committer: Stefan Richter <stefanr@s5r6.in-berlin.de> Tue Mar 24 20:56:45 2009 +0100
tree: f5dd0b2db4171ea05c70035e29b2cc7ff7f82850
parent: 1566f3dc3e5986a16c7bbb3bb95bb691251a8d25 [diff] [blame]
diff --git a/drivers/firewire/fw-cdev.c b/drivers/firewire/fw-cdev.c
index d48fa1c..6b33f15 100644
--- a/drivers/firewire/fw-cdev.c
+++ b/drivers/firewire/fw-cdev.c

@@ -525,9 +525,8 @@
 	struct outbound_transaction_event *e;
 	int ret;
 
-	/* What is the biggest size we'll accept, really? */
-	if (request->length > 4096)
-		return -EINVAL;
+	if (request->length > 4096 || request->length > 512 << speed)
+		return -EIO;
 
 	e = kmalloc(sizeof(*e) + request->length, GFP_KERNEL);
 	if (e == NULL)
commit	5d3fd692a7196a9045fb606f891f5987959b65a0	[log] [tgz]
author	Stefan Richter <stefanr@s5r6.in-berlin.de>	Sun Jan 04 16:23:29 2009 +0100
committer	Stefan Richter <stefanr@s5r6.in-berlin.de>	Tue Mar 24 20:56:45 2009 +0100
tree	f5dd0b2db4171ea05c70035e29b2cc7ff7f82850
parent	1566f3dc3e5986a16c7bbb3bb95bb691251a8d25 [diff] [blame]