beceem: don't overrun user buffer on read
Serious bug in original code, if app reads 10 bytes but 20 byte msg
received memory would get overwritten.
Signed-off-by: Stephen Hemminger <shemminger@vyatta.com>
diff --git a/drivers/staging/bcm/Bcmchar.c b/drivers/staging/bcm/Bcmchar.c
index 1a25560..8089d19 100644
--- a/drivers/staging/bcm/Bcmchar.c
+++ b/drivers/staging/bcm/Bcmchar.c
@@ -139,7 +139,7 @@
if(Packet)
{
PktLen = Packet->len;
- if(copy_to_user(buf, Packet->data, PktLen))
+ if(copy_to_user(buf, Packet->data, min_t(size_t, PktLen, size)))
{
dev_kfree_skb(Packet);
BCM_DEBUG_PRINT(Adapter,DBG_TYPE_PRINTK, 0, 0, "\nReturning from copy to user failure \n");