Re: [PATCH v3] leds: Introduce userspace leds driver

From: Jacek Anaszewski
Date: Thu Sep 15 2016 - 10:54:59 EST

Next message: Andrew Lunn: "Re: [PATCH V3 1/3] Documentation: devicetree: add qca8k binding"
Previous message: Jacek Anaszewski: "Re: [PATCH v2] leds: Introduce userspace leds driver"
In reply to: Jacek Anaszewski: "Re: [PATCH v3] leds: Introduce userspace leds driver"
Next in thread: David Lechner: "Re: [PATCH v3] leds: Introduce userspace leds driver"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Hi Pavel,

On 09/15/2016 03:08 PM, Pavel Machek wrote:

Hi!

+ if (copy_from_user(&udev->user_dev, buffer,
+ sizeof(struct uleds_user_dev))) {
+ ret = -EFAULT;
+ goto out;
+ }
+
+ if (!udev->user_dev.name[0]) {
+ ret = -EINVAL;
+ goto out;
+ }
+
+ ret = led_classdev_register(NULL, &udev->led_cdev);
+ if (ret < 0)
+ goto out;

No sanity checking on the name -> probably a security hole. Do not
push this upstream before this is fixed.

Thanks for catching this.

David, please check if the LED name sticks to the LED class
device naming convention.

And one thing that caught my eye only now - please use
devm_led_classdev_register().

For now I'm dropping the patch.

--
Best regards,
Jacek Anaszewski

Next message: Andrew Lunn: "Re: [PATCH V3 1/3] Documentation: devicetree: add qca8k binding"
Previous message: Jacek Anaszewski: "Re: [PATCH v2] leds: Introduce userspace leds driver"
In reply to: Jacek Anaszewski: "Re: [PATCH v3] leds: Introduce userspace leds driver"
Next in thread: David Lechner: "Re: [PATCH v3] leds: Introduce userspace leds driver"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]