From bc9d7fd6b38dbe4da110a2e2f75fb6451a24af80 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Christian=20L=C3=B6pke?= <loepke@edfritsch.de> Date: Mon, 9 May 2016 07:33:45 +0200 Subject: [PATCH] Added error handling in chardev_write if faulty memory is given. --- 20160425/chardev-1write.c | 12 +++++++++--- 1 file changed, 9 insertions(+), 3 deletions(-) diff --git a/20160425/chardev-1write.c b/20160425/chardev-1write.c index 1f2701e..f592326 100644 --- a/20160425/chardev-1write.c +++ b/20160425/chardev-1write.c @@ -192,10 +192,16 @@ device_write(struct file *filp, const char *buff, size_t len, loff_t * off) } else { int i; - for(i = 0; i < len; i++) //Save the given string - get_user(msg_username[i], buff + i); + for(i = 0; i < len; i++) {//Save the given string + if(get_user(msg_username[i], buff + i) < 0) { //If returning error code + printk(KERN_WARNING "%s: You want to play a trick on me! This memory does not belong to you!\n", + DEVICE_NAME); + return -EFAULT; //Stop reading from userspace. + } + //msg_username[i] = buff[i]; //Heres was the CRASH - //printk(KERN_INFO "Got %c at %d from %d bytes.\n", buff[i], i, (int)len); + //printk(KERN_INFO "Got %c at %d from %d bytes.\n", buff[i], i, len); + } for(i = len; i < USERBUF_LEN; i++) //Zeroing the rest of mem msg_username[i] = 0; printk(KERN_INFO "%s: Successfully got %d bytes!\n", -- GitLab