patch-2.4.6 linux/drivers/telephony/ixj.c


diff -u --recursive --new-file v2.4.5/linux/drivers/telephony/ixj.c linux/drivers/telephony/ixj.c
@@ -4480,9 +4480,15 @@
 	if (lcp == NULL)
 		return -ENOMEM;
 	if (copy_from_user(lcp, (char *) cp, sizeof(IXJ_FILTER_CADENCE)))
+	{
+		kfree(lcp);
 		return -EFAULT;
+	}
 	if (lcp->filter >= 4)
+	{
+		kfree(lcp);
 		return -1;
+	}
 	j->cadence_f[lcp->filter].state = 0;
 	j->cadence_f[lcp->filter].enable = lcp->enable;
 	j->filter_en[lcp->filter] = j->cadence_f[lcp->filter].en_filter = lcp->en_filter;
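Review bot: The bounds test `if (lcp->filter >= 4)` only checks the upper limit of a user-supplied index that is then used on `j->cadence_f[]` and `j->filter_en[]`. If `filter` is a signed field in IXJ_FILTER_CADENCE (its declaration is not visible here), a negative value passes the check and indexes before the arrays. Make the field unsigned or test both ends, and derive the limit from the array rather than the literal 4, e.g. `if (lcp->filter >= sizeof(j->cadence_f) / sizeof(j->cadence_f[0]))` on an unsigned index. The rejection path also returns a bare `-1`, which userspace sees as EPERM; `return -EINVAL;` would describe the failure correctly. The function continues past this hunk, so confirm that `lcp` is also freed on the success path.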
@@ -4647,13 +4653,18 @@
 	}
 }
 
-static int capabilities_check(IXJ *j, struct phone_capability *pcreq)
+static int capabilities_check(IXJ *j, struct phone_capability *u_pcreq)
 {
 	int cnt;
 	int retval = 0;
+	struct phone_capability pcreq;
+	
+	if(copy_from_user(&pcreq, u_pcreq, sizeof(struct phone_capability)))
+		return -EFAULT;
+		
 	for (cnt = 0; cnt < j->caps; cnt++) {
-		if (pcreq->captype == j->caplist[cnt].captype
-		    && pcreq->cap == j->caplist[cnt].cap) {
+		if (pcreq.captype == j->caplist[cnt].captype
+		    && pcreq.cap == j->caplist[cnt].cap) {
 			retval = 1;
 			break;
 		}
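Review bot: `capabilities_check()` now has three outcomes (1 for a match, 0 for no match, `-EFAULT` when the user buffer cannot be read), but nothing documents this. Any caller that treats the result as a boolean will read the fault as "capability supported". The callers are outside this hunk and should be checked. I would add a header comment such as `/* Returns 1 if the requested capability is present, 0 if not, -EFAULT if u_pcreq cannot be copied from user space. */` above the function. Copying into the local `pcreq` before the loop is the right shape, since each field is read once from kernel memory rather than repeatedly from the user pointer. The rest of the function body lies outside the hunk.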
@@ -4704,7 +4715,8 @@
 			return -EFAULT;
 		break;
 	case PHONE_RING_CADENCE:
-		j->ring_cadence = arg;
+		if(get_user(j->ring_cadence, (int *)arg))
+			return -EFAULT;
 		break;
 	case IXJCTL_CIDCW:
 		if(arg) {
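Review bot: In the PHONE_RING_CADENCE case, `get_user(j->ring_cadence, (int *)arg)` writes straight into driver state, and get_user typically zeroes its destination when the access faults. A bad pointer therefore returns `-EFAULT` but also leaves `j->ring_cadence` cleared. Reading into a local and assigning only on success avoids that: `{ int val; if (get_user(val, (int *)arg)) return -EFAULT; j->ring_cadence = val; }`. The `(int *)` cast also fixes the read at `sizeof(int)` bytes whatever the type of `ring_cadence` or the ioctl's declared argument. Neither is visible in this hunk, so confirm that the width matches what userspace passes. The enclosing switch starts and ends outside the hunk.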
@@ -6261,20 +6273,12 @@
 	return (((DWORD) wHi << 16) | wLo);
 }
 
-#ifndef CONFIG_PCMCIA
 #ifndef CONFIG_ISAPNP
-static int dspio[IXJMAX + 1] =
-{
-	0,
-};
-static int xio[IXJMAX + 1] =
-{
-	0,
-};
+static int dspio[IXJMAX + 1];
+static int xio[IXJMAX + 1];
 
 MODULE_PARM(dspio, "1-" __MODULE_STRING(IXJMAX) "i");
 MODULE_PARM(xio, "1-" __MODULE_STRING(IXJMAX) "i");
-#endif
 #endif
 
 void ixj_exit(void)
