Hi!
> >+ if (copy_from_user(&udev->user_dev, buffer,
> >+ sizeof(struct uleds_user_dev))) {
> >+ ret = -EFAULT;
> >+ goto out;
> >+ }
> >+
> >+ if (!udev->user_dev.name[0]) {
> >+ ret = -EINVAL;
> >+ goto out;
> >+ }
> >+
> >+ ret = led_classdev_register(NULL, &udev->led_cdev);
> >+ if (ret < 0)
> >+ goto out;
No sanity checking on the name -> probably a security hole. Do not
push this upstream before this is fixed.
Thanks,
Pavel
--
(english) http://www.livejournal.com/~pavelmachek
(cesky, pictures)
http://atrey.karlin.mff.cuni.cz/~pavel/picture/horses/blog.html
