From patchwork Sat May 15 09:46:36 2010
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Julia Lawall <julia@diku.dk>
X-Patchwork-Id: 99806
Received: from vger.kernel.org (vger.kernel.org [209.132.180.67])
	by demeter.kernel.org (8.14.3/8.14.3) with ESMTP id o4F9l1tf027688
	for <patchwork-linux-input@patchwork.kernel.org>;
	Sat, 15 May 2010 09:47:01 GMT
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
	id S1752535Ab0EOJqm (ORCPT
	<rfc822;patchwork-linux-input@patchwork.kernel.org>);
	Sat, 15 May 2010 05:46:42 -0400
Received: from mgw2.diku.dk ([130.225.96.92]:53951 "EHLO mgw2.diku.dk"
	rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP
	id S1752090Ab0EOJql (ORCPT <rfc822;linux-input@vger.kernel.org>);
	Sat, 15 May 2010 05:46:41 -0400
Received: from localhost (localhost [127.0.0.1])
	by mgw2.diku.dk (Postfix) with ESMTP id A1F2B19BB6D;
	Sat, 15 May 2010 11:46:40 +0200 (CEST)
Received: from mgw2.diku.dk ([127.0.0.1])
	by localhost (mgw2.diku.dk [127.0.0.1]) (amavisd-new,
	port 10024) with ESMTP
	id 01987-16; Sat, 15 May 2010 11:46:36 +0200 (CEST)
Received: from nhugin.diku.dk (nhugin.diku.dk [130.225.96.140])
	by mgw2.diku.dk (Postfix) with ESMTP id 6C39A19BB51;
	Sat, 15 May 2010 11:46:36 +0200 (CEST)
Received: from ask.diku.dk (ask.diku.dk [130.225.96.225])
	by nhugin.diku.dk (Postfix) with ESMTP
	id 8F9636DFD05; Sat, 15 May 2010 11:39:25 +0200 (CEST)
Received: by ask.diku.dk (Postfix, from userid 3767)
	id 513C2200BE; Sat, 15 May 2010 11:46:36 +0200 (CEST)
Received: from localhost (localhost [127.0.0.1])
	by ask.diku.dk (Postfix) with ESMTP id 45B3F200BC;
	Sat, 15 May 2010 11:46:36 +0200 (CEST)
Date: Sat, 15 May 2010 11:46:36 +0200 (CEST)
From: Julia Lawall <julia@diku.dk>
To: Jiri Kosina <jkosina@suse.cz>, linux-input@vger.kernel.org,
	linux-kernel@vger.kernel.org, kernel-janitors@vger.kernel.org
Subject: [PATCH 3/4] drivers/hid: Eliminate use after free
Message-ID: <Pine.LNX.4.64.1005151146120.15566@ask.diku.dk>
MIME-Version: 1.0
Sender: linux-input-owner@vger.kernel.org
Precedence: bulk
List-ID: <linux-input.vger.kernel.org>
X-Mailing-List: linux-input@vger.kernel.org
X-Greylist: IP, sender and recipient auto-whitelisted, not delayed by
	milter-greylist-4.2.3 (demeter.kernel.org [140.211.167.41]);
	Sat, 15 May 2010 09:47:01 +0000 (UTC)


diff --git a/drivers/hid/hid-picolcd.c b/drivers/hid/hid-picolcd.c
index 95253b3..7aabf65 100644
--- a/drivers/hid/hid-picolcd.c
+++ b/drivers/hid/hid-picolcd.c
@@ -1616,7 +1616,7 @@ static ssize_t _picolcd_flash_write(struct picolcd_data *data, int report_id,
 		raw_data[len_off] = s > 32 ? 32 : s;
 		if (copy_from_user(raw_data+len_off+1, u, raw_data[len_off])) {
 			err = -EFAULT;
-			goto skip;
+			break;
 		}
 		resp = picolcd_send_and_wait(data->hdev, report_id, raw_data,
 				len_off+1+raw_data[len_off]);