[PATCH] fix dvb-net Oops

[Johannes Stezenbach]

Hi,

emard<at>softhome!net discovered an embarrasing bug in
dvb_net.c where the NET_REMOVE_IF ioctl will cause an
Oops when called with an invalid interface number.

The patch applies on top of the other dvb patches in linux-2.6.10-rc3-mm1
and should go into 2.6.10.

Signed-off-by: Johannes Stezenbach <js@xxxxxxxxxxx>

Johannes


--- linux-2.6.10-rc3-mm1/drivers/media/dvb/dvb-core/dvb_net.c.orig	2004-12-13 15:12:51.000000000 +0100
+++ linux-2.6.10-rc3-mm1/drivers/media/dvb/dvb-core/dvb_net.c	2004-12-13 15:34:28.000000000 +0100
@@ -1201,13 +1201,14 @@ static int dvb_net_add_if(struct dvb_net
 }
 
 
-static int dvb_net_remove_if(struct dvb_net *dvbnet, int num)
+static int dvb_net_remove_if(struct dvb_net *dvbnet, unsigned int num)
 {
 	struct net_device *net = dvbnet->device[num];
-	struct dvb_net_priv *priv = net->priv;
+	struct dvb_net_priv *priv;
 
 	if (!dvbnet->state[num])
 		return -EINVAL;
+	priv = net->priv;
 	if (priv->in_use)
 		return -EBUSY;
 
@@ -1268,10 +1269,18 @@ static int dvb_net_do_ioctl(struct inode
 		break;
 	}
 	case NET_REMOVE_IF:
+	{
+		int ret;
+
 		if (!capable(CAP_SYS_ADMIN))
 			return -EPERM;
-		module_put(dvbdev->adapter->module);
-		return dvb_net_remove_if(dvbnet, (int) (long) parg);
+		if ((unsigned int) parg >= DVB_NET_DEVICES_MAX)
+			return -EINVAL;
+		ret = dvb_net_remove_if(dvbnet, (unsigned int) parg);
+		if (!ret)
+			module_put(dvbdev->adapter->module);
+		return ret;
+	}
 
 	/* binary compatiblity cruft */
 	case __NET_ADD_IF_OLD:
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/