Index: zaptel.c =================================================================== RCS file: /usr/cvsroot/zaptel/zaptel.c,v retrieving revision 1.118 diff -u -r1.118 zaptel.c --- zaptel.c 26 Sep 2005 23:30:24 -0000 1.118 +++ zaptel.c 28 Sep 2005 14:37:13 -0000 @@ -1758,7 +1758,8 @@ } chan->writen[chan->inwritebuf] = amnt >> 1; } else { - copy_from_user(chan->writebuf[chan->inwritebuf], usrbuf, amnt); + if (copy_from_user(chan->writebuf[chan->inwritebuf], usrbuf, amnt)) + return -EFAULT; chan->writen[chan->inwritebuf] = amnt; } chan->writeidx[chan->inwritebuf] = 0; @@ -2405,7 +2406,8 @@ memset(samples, 0, sizeof(samples)); /* XXX Unnecessary XXX */ memset(next, 0, sizeof(next)); - copy_from_user(&th, (struct zt_tone_def_header *)data, sizeof(th)); + if (copy_from_user(&th, (struct zt_tone_def_header *)data, sizeof(th))) + return -EFAULT; if ((th.count < 0) || (th.count > MAX_TONES)) { printk("Too many tones included\n"); return -EINVAL; @@ -2436,7 +2438,7 @@ } if (copy_from_user(&td, (struct zt_tone_def *)data, sizeof(struct zt_tone_def))) { kfree(slab); - return -EIO; + return -EFAULT; } /* Index the current sample */ samples[x] = t = (struct zt_tone *)ptr; @@ -2757,7 +2759,8 @@ switch(cmd) { case ZT_GET_PARAMS: /* get channel timing parameters */ - copy_from_user(&stack.param,(struct zt_params *)data,sizeof(stack.param)); + if (copy_from_user(&stack.param,(struct zt_params *)data,sizeof(stack.param))) + return -EFAULT; /* Pick the right channo's */ if (!stack.param.channo || unit) { stack.param.channo = unit; 
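Review bot: In the `@@ -1758` hunk only the `else` branch gains a `copy_from_user()` check; the branch above it, which ends in `chan->writen[chan->inwritebuf] = amnt >> 1;`, starts outside the hunk and no other hunk on this page touches it. If that branch also copies from `usrbuf`, its return value needs the same check, otherwise a faulting user pointer still queues a partly filled buffer on that path. The bound on `amnt` against the size of `chan->writebuf[...]` is not visible here either and is worth confirming. A short comment at the new check would record the intent, e.g. `/* usrbuf is untrusted: fail the write instead of queueing a short buffer */`.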
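Review bot: The new check in the `@@ -2405` hunk still casts `data` to a plain pointer type, `(struct zt_tone_def_header *)data`, as do the other `copy_from_user()`/`copy_to_user()` calls this patch touches. Where the supported kernels provide the `__user` annotation, writing `(struct zt_tone_def_header __user *)data` lets sparse flag any later direct dereference of a user pointer. Separately, the context line `printk("Too many tones included\n");` carries no log level and also fires for a negative `th.count`. Because the count comes straight from the caller, a rate limit or a lower level would keep repeated bad requests from filling the kernel log.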
@@ -2817,10 +2820,12 @@
 stack.param.curlaw = ZT_LAW_ALAW;
 else
 stack.param.curlaw = ZT_LAW_MULAW;
- copy_to_user((struct zt_params *)data,&stack.param,sizeof(stack.param));
+ if (copy_to_user((struct zt_params *)data,&stack.param,sizeof(stack.param)))
+ return -EFAULT;
 break;
 case ZT_SET_PARAMS: /* set channel timing stack.paramters */
- copy_from_user(&stack.param,(struct zt_params *)data,sizeof(stack.param));
+ if (copy_from_user(&stack.param,(struct zt_params *)data,sizeof(stack.param)))
+ return -EFAULT;
 /* Pick the right channo's */
 if (!stack.param.channo || unit) {
 stack.param.channo = unit;
@@ -2848,7 +2853,7 @@
 break;
 case ZT_GETGAINS: /* get gain stuff */
 if (copy_from_user(&stack.gain,(struct zt_gains *) data,sizeof(stack.gain)))
- return -EIO;
+ return -EFAULT;
 i = stack.gain.chan; /* get channel no */
 /* if zero, use current channel no */
 if (!i) i = unit;
@@ -2862,11 +2867,11 @@
 stack.gain.rxgain[j] = chans[i]->rxgain[j];
 }
 if (copy_to_user((struct zt_gains *) data,&stack.gain,sizeof(stack.gain)))
- return -EIO;
+ return -EFAULT;
 break;
 case ZT_SETGAINS: /* set gain stuff */
 if (copy_from_user(&stack.gain,(struct zt_gains *) data,sizeof(stack.gain)))
- return -EIO;
+ return -EFAULT;
 i = stack.gain.chan; /* get channel no */
 /* if zero, use current channel no */
 if (!i) i = unit;
@@ -2899,10 +2904,11 @@
 chans[i]->gainalloc = 0;
 }
 if (copy_to_user((struct zt_gains *) data,&stack.gain,sizeof(stack.gain)))
- return -EIO;
+ return -EFAULT;
 break;
 case ZT_SPANSTAT:
- copy_from_user(&stack.span,(struct zt_spaninfo *) data,sizeof(stack.span));
+ if (copy_from_user(&stack.span,(struct zt_spaninfo *) data,sizeof(stack.span)))
+ return -EFAULT;
 i = stack.span.spanno; /* get specified span number */
 if ((i < 0) || (i >= maxspans)) return(-EINVAL); /* if bad span no */
 if (i == 0) /* if to figure it out for this chan */
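Review bot: In the `@@ -2899` hunk the `ZT_SETGAINS` case returns `-EFAULT` from its final `copy_to_user()` only after the gain state appears to have been changed already (the context just above shows `chans[i]->gainalloc = 0;`). User space then sees a failed ioctl whose effect was applied. The `ZT_SETCONF` copy-out in the `@@ -3726` hunk has the same shape, running after both spinlocks are released. Either state this at the call, e.g. `/* settings are already applied; -EFAULT only reports that the copy-back failed */`, or verify the destination before mutating channel state. Both case bodies start outside their hunks, so the exact mutations are not visible here.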
@@ -2932,7 +2938,8 @@
 for (j=0; j < spans[i]->channels; j++)
 if (spans[i]->chans[j].sig)
 stack.span.numchans++;
- copy_to_user((struct zt_spaninfo *) data,&stack.span,sizeof(stack.span));
+ if (copy_to_user((struct zt_spaninfo *) data,&stack.span,sizeof(stack.span)))
+ return -EFAULT;
 break;
 #ifdef ALLOW_CHAN_DIAG
 case ZT_CHANDIAG:
@@ -3320,7 +3327,7 @@
 return 0;
 case ZT_SET_DIALPARAMS:
 if (copy_from_user(&tdp, (struct zt_dialparams *)data, sizeof(tdp)))
- return -EIO;
+ return -EFAULT;
 if ((tdp.dtmf_tonelen > 4000) || (tdp.dtmf_tonelen < 10))
 return -EINVAL;
 if ((tdp.mfv1_tonelen > 4000) || (tdp.mfv1_tonelen < 10))
@@ -3342,12 +3349,12 @@
 tdp.reserved[2] = 0;
 tdp.reserved[3] = 0;
 if (copy_to_user((struct zt_dialparams *)data, &tdp, sizeof(tdp)))
- return -EIO;
+ return -EFAULT;
 break;
 case ZT_MAINT: /* do maintence stuff */
 /* get struct from user */
- if (copy_from_user(&maint,(struct zt_maintinfo *) data,
- sizeof(maint))) return -EIO;
+ if (copy_from_user(&maint,(struct zt_maintinfo *) data, sizeof(maint)))
+ return -EFAULT;
 /* must be valid span number */
 if ((maint.spanno < 1) || (maint.spanno > ZT_MAX_SPANS) || (!spans[maint.spanno]))
 return -EINVAL;
@@ -3422,11 +3429,11 @@
 j = chan->dialing;
 spin_unlock_irqrestore(&chan->lock, flags);
 if (copy_to_user((int *)data,&j,sizeof(int)))
- return -EIO;
+ return -EFAULT;
 return 0;
 case ZT_DIAL:
 if (copy_from_user(&stack.tdo, (struct zt_dialoperation *)data, sizeof(stack.tdo)))
- return -EIO;
+ return -EFAULT;
 rv = 0;
 /* Force proper NULL termination */
 stack.tdo.dialstr[ZT_MAX_DTMF_BUF - 1] = '\0';
@@ -3471,11 +3478,11 @@
 stack.bi.readbufs = -1;
 stack.bi.writebufs = -1;
 if (copy_to_user((struct zt_bufferinfo *)data, &stack.bi, sizeof(stack.bi)))
- return -EIO;
+ return -EFAULT;
 break;
 case ZT_SET_BUFINFO:
 if (copy_from_user(&stack.bi, (struct zt_bufferinfo *)data, sizeof(stack.bi)))
- return -EIO;
+ return -EFAULT;
 if (stack.bi.bufsize > ZT_MAX_BLOCKSIZE)
 return -EINVAL;
 if (stack.bi.bufsize < 16)
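Review bot: The span check kept as context in the `@@ -3342` hunk, `(maint.spanno > ZT_MAX_SPANS) || (!spans[maint.spanno])`, lets `maint.spanno == ZT_MAX_SPANS` reach the `spans[]` lookup, whereas `ZT_SPANSTAT` in the `@@ -2899` hunk rejects `i >= maxspans`. The declaration of `spans[]` is not visible on this page; if it holds `ZT_MAX_SPANS` elements, this is a one-past-the-end read indexed by the value the changed lines have just copied from user space. In that case the comparison should be `(maint.spanno >= ZT_MAX_SPANS)`. The `ZT_CONFLINK` sanity checks in the `@@ -3726` hunk use the same `> ZT_MAX_CONF` form and deserve the same look against the arrays they index.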
@@ -3654,7 +3661,8 @@
 spin_unlock_irqrestore(&chan->lock, flags);
 return rv;
 case ZT_GETCONF: /* get conf stuff */
- copy_from_user(&stack.conf,(struct zt_confinfo *) data,sizeof(stack.conf));
+ if (copy_from_user(&stack.conf,(struct zt_confinfo *) data,sizeof(stack.conf)))
+ return -EFAULT;
 i = stack.conf.chan; /* get channel no */
 /* if zero, use current channel no */
 if (!i) i = chan->channo;
@@ -3664,10 +3672,12 @@
 stack.conf.chan = i; /* get channel number */
 stack.conf.confno = chans[i]->confna; /* get conference number */
 stack.conf.confmode = chans[i]->confmode; /* get conference mode */
- copy_to_user((struct zt_confinfo *) data,&stack.conf,sizeof(stack.conf));
+ if (copy_to_user((struct zt_confinfo *) data,&stack.conf,sizeof(stack.conf)))
+ return -EFAULT;
 break;
 case ZT_SETCONF: /* set conf stuff */
- copy_from_user(&stack.conf,(struct zt_confinfo *) data,sizeof(stack.conf));
+ if (copy_from_user(&stack.conf,(struct zt_confinfo *) data,sizeof(stack.conf)))
+ return -EFAULT;
 i = stack.conf.chan; /* get channel no */
 /* if zero, use current channel no */
 if (!i) i = chan->channo;
@@ -3726,11 +3736,13 @@
 }
 spin_unlock_irqrestore(&chan->lock, flags);
 spin_unlock_irqrestore(&bigzaplock, flagso);
- copy_to_user((struct zt_confinfo *) data,&stack.conf,sizeof(stack.conf));
+ if (copy_to_user((struct zt_confinfo *) data,&stack.conf,sizeof(stack.conf)))
+ return -EFAULT;
 break;
 case ZT_CONFLINK: /* do conf link stuff */
 if (!(chan->flags & ZT_FLAG_AUDIO)) return (-EINVAL);
- copy_from_user(&stack.conf,(struct zt_confinfo *) data,sizeof(stack.conf));
+ if (copy_from_user(&stack.conf,(struct zt_confinfo *) data,sizeof(stack.conf)))
+ return -EFAULT;
 /* check sanity of arguments */
 if ((stack.conf.chan < 0) || (stack.conf.chan > ZT_MAX_CONF)) return(-EINVAL);
 if ((stack.conf.confno < 0) || (stack.conf.confno > ZT_MAX_CONF)) return(-EINVAL);
@@ -3855,7 +3867,7 @@
 if (data) {
 /* Use specific ring cadence */
 if (copy_from_user(&stack.cad, (struct zt_ring_cadence *)data, sizeof(stack.cad)))
- return -EIO;
+ return -EFAULT;
 memcpy(chan->ringcadence, &stack.cad, sizeof(chan->ringcadence));
 chan->firstcadencepos = 0;
 /* Looking for negative ringing time indicating where to loop back into ringcadence */
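Review bot: The `memcpy()` right after the changed return in the `@@ -3855` hunk sizes the copy by the destination, `sizeof(chan->ringcadence)`, while `copy_from_user()` filled only `sizeof(stack.cad)` bytes. Neither type is visible in this hunk; if the channel array were ever larger than `struct zt_ring_cadence`, the copy would read past `stack.cad` and install unrelated kernel stack bytes as cadence data. A compile-time assertion that the two sizes match, or copying the smaller of the two, would pin this down. The cadence is also installed before the negative-time scan that the trailing comment announces, so a comment stating which lock protects `chan->ringcadence` here would help; the enclosing case starts and ends outside the hunk.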