Commit 5d3fd692 authored Jan 04, 2009 by Stefan Richter

firewire: cdev: extend transaction payload size check



Make the size check of ioctl_send_request and
ioctl_send_broadcast_request speed dependent.  Also change the error
return code from -EINVAL to -EIO to distinguish this from other errors
concerning the ioctl parameters.

Another payload size limit for which we don't check here though is the
remote node's Bus_Info_Block.max_rec.

Signed-off-by: Stefan Richter <stefanr@s5r6.in-berlin.de>

parent 1566f3dc

drivers/firewire/fw-cdev.c

+2 −3

Original line number	Diff line number	Diff line
		@@ -525,9 +525,8 @@ static int init_request(struct client *client,
		struct outbound_transaction_event *e;
		int ret;

		/* What is the biggest size we'll accept, really? */
		if (request->length > 4096)
		return -EINVAL;
		if (request->length > 4096 \|\| request->length > 512 << speed)
		return -EIO;

		e = kmalloc(sizeof(*e) + request->length, GFP_KERNEL);
		if (e == NULL)