From 92d07e422df3cc5370d0d9b95a671abb69d50ef1 Mon Sep 17 00:00:00 2001
From: Steve Holland <sdh4@iastate.edu>
Date: Thu, 18 Jun 2009 17:37:49 -0500
Subject: [PATCH] USB: usbtmc: inhibit corruption

Limit data copied to userspace to amount requested.  Prevents a faulty
instrument from overwriting user memory.

Signed-off-by: Steve Holland <sdh4@iastate.edu>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
---
 drivers/usb/class/usbtmc.c | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/drivers/usb/class/usbtmc.c b/drivers/usb/class/usbtmc.c
index f2fde7cd61093..91d3a94eeaa01 100644
--- a/drivers/usb/class/usbtmc.c
+++ b/drivers/usb/class/usbtmc.c
@@ -473,6 +473,10 @@ static ssize_t usbtmc_read(struct file *filp, char __user *buf,
 			n_characters = this_part;
 		}
 
+		/* Bound amount of data received by amount of data requested */
+		if (n_characters > this_part)
+			n_characters = this_part;
+
 		/* Copy buffer to user space */
 		if (copy_to_user(buf + done, &buffer[12], n_characters)) {
 			/* There must have been an addressing problem */
-- 
GitLab