Make sure that the userspace buffer is large enough to hold an iio_event_data
struct before writing to it.
Signed-off-by: Lars-Peter Clausen <lars@metafoo.de>
Signed-off-by: Jonathan Cameron <jic23@cam.ac.uk>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
{
struct iio_event_interface *ev_int = filep->private_data;
struct iio_detected_event_list *el;
+ size_t len = sizeof(el->ev);
int ret;
- size_t len;
+
+ if (count < len)
+ return -EINVAL;
mutex_lock(&ev_int->event_list_lock);
if (list_empty(&ev_int->det_events)) {
el = list_first_entry(&ev_int->det_events,
struct iio_detected_event_list,
list);
- len = sizeof el->ev;
if (copy_to_user(buf, &(el->ev), len)) {
ret = -EFAULT;
goto error_mutex_unlock;
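Review bot: The added `if (count < len) return -EINVAL;` guard has no comment saying that a read must have room for one whole event, so the reason a short buffer is refused rather than partially filled lives only in the commit message; I would put `/* Events are copied out whole; refuse a buffer that cannot hold one. */` above it. The initialiser `size_t len = sizeof(el->ev);` names `el` before it is assigned, which is safe only because sizeof does not evaluate its operand, so it deserves a short remark or could be written as the size of the iio_event_data type itself. Returning before `mutex_lock()` is correct since nothing is held at that point. The function's signature and tail are outside the hunk, so the type of `count` and the value returned after `copy_to_user()` cannot be checked here.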