i2o: fix overflow of copy_to_user() If (len > reslen) we must not call copy_to_user() since kernel buffer is smaller than we want to copy. Similar code in this file is correct, so this bug was a typo. Signed-off-by: Kulikov Vasiliy <segooon@gmail.com> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>

commit: d929dc2bfd8a58c34f1df0680018fa8ea5caa907 [log] [tgz]
author: Kulikov Vasiliy <segooon@gmail.com> Tue Aug 10 18:02:03 2010 -0700
committer: Linus Torvalds <torvalds@linux-foundation.org> Wed Aug 11 08:59:05 2010 -0700
tree: 4efe31c289c00b4ce00b30fce956df5401d6fdde
parent: 32fa45498f843fcf56087b8046d8319fcd455ef0 [diff] [blame]
diff --git a/drivers/message/i2o/i2o_config.c b/drivers/message/i2o/i2o_config.c
index c4b117f..4dd39a0 100644
--- a/drivers/message/i2o/i2o_config.c
+++ b/drivers/message/i2o/i2o_config.c

@@ -115,7 +115,7 @@
 	put_user(len, kcmd.reslen);
 	if (len > reslen)
 		ret = -ENOBUFS;
-	if (copy_to_user(kcmd.resbuf, (void *)hrt, len))
+	else if (copy_to_user(kcmd.resbuf, (void *)hrt, len))
 		ret = -EFAULT;
 
 	return ret;
commit	d929dc2bfd8a58c34f1df0680018fa8ea5caa907	[log] [tgz]
author	Kulikov Vasiliy <segooon@gmail.com>	Tue Aug 10 18:02:03 2010 -0700
committer	Linus Torvalds <torvalds@linux-foundation.org>	Wed Aug 11 08:59:05 2010 -0700
tree	4efe31c289c00b4ce00b30fce956df5401d6fdde
parent	32fa45498f843fcf56087b8046d8319fcd455ef0 [diff] [blame]