summaryrefslogtreecommitdiff
path: root/drivers/firewire
diff options
context:
space:
mode:
authorStefan Richter <stefanr@s5r6.in-berlin.de>2009-01-04 16:23:29 +0100
committerStefan Richter <stefanr@s5r6.in-berlin.de>2009-03-24 20:56:45 +0100
commit5d3fd692a7196a9045fb606f891f5987959b65a0 (patch)
treef5dd0b2db4171ea05c70035e29b2cc7ff7f82850 /drivers/firewire
parent1566f3dc3e5986a16c7bbb3bb95bb691251a8d25 (diff)
firewire: cdev: extend transaction payload size check
Make the size check of ioctl_send_request and ioctl_send_broadcast_request speed dependent. Also change the error return code from -EINVAL to -EIO to distinguish this from other errors concerning the ioctl parameters. Another payload size limit for which we don't check here though is the remote node's Bus_Info_Block.max_rec. Signed-off-by: Stefan Richter <stefanr@s5r6.in-berlin.de>
Diffstat (limited to 'drivers/firewire')
-rw-r--r--drivers/firewire/fw-cdev.c5
1 files changed, 2 insertions, 3 deletions
diff --git a/drivers/firewire/fw-cdev.c b/drivers/firewire/fw-cdev.c
index d48fa1c23a77..6b33f15584cb 100644
--- a/drivers/firewire/fw-cdev.c
+++ b/drivers/firewire/fw-cdev.c
@@ -525,9 +525,8 @@ static int init_request(struct client *client,
struct outbound_transaction_event *e;
int ret;
- /* What is the biggest size we'll accept, really? */
- if (request->length > 4096)
- return -EINVAL;
+ if (request->length > 4096 || request->length > 512 << speed)
+ return -EIO;
e = kmalloc(sizeof(*e) + request->length, GFP_KERNEL);
if (e == NULL)