diff options
| author | Ralf Baechle <ralf@linux-mips.org> | 1999-06-17 13:25:08 +0000 |
|---|---|---|
| committer | Ralf Baechle <ralf@linux-mips.org> | 1999-06-17 13:25:08 +0000 |
| commit | 59223edaa18759982db0a8aced0e77457d10c68e (patch) | |
| tree | 89354903b01fa0a447bffeefe00df3044495db2e /fs/ncpfs/ioctl.c | |
| parent | db7d4daea91e105e3859cf461d7e53b9b77454b2 (diff) | |
Merge with Linux 2.3.6. Sorry, this isn't tested on silicon, I don't
have a MIPS box at hand.
Diffstat (limited to 'fs/ncpfs/ioctl.c')
| -rw-r--r-- | fs/ncpfs/ioctl.c | 42 |
1 files changed, 26 insertions, 16 deletions
diff --git a/fs/ncpfs/ioctl.c b/fs/ncpfs/ioctl.c index 8ada3752b..a7f767e38 100644 --- a/fs/ncpfs/ioctl.c +++ b/fs/ncpfs/ioctl.c @@ -33,6 +33,7 @@ int ncp_ioctl(struct inode *inode, struct file *filp, int result; struct ncp_ioctl_request request; struct ncp_fs_info info; + char* bouncebuffer; #ifdef NCP_IOC_GETMOUNTUID_INT /* remove after ncpfs-2.0.13/2.2.0 gets released */ @@ -57,12 +58,9 @@ int ncp_ioctl(struct inode *inode, struct file *filp, && (current->uid != server->m.mounted_uid)) { return -EACCES; } - if ((result = verify_area(VERIFY_READ, (char *) arg, - sizeof(request))) != 0) { - return result; - } - copy_from_user(&request, (struct ncp_ioctl_request *) arg, - sizeof(request)); + if (copy_from_user(&request, (struct ncp_ioctl_request *) arg, + sizeof(request))) + return -EFAULT; if ((request.function > 255) || (request.size > @@ -73,6 +71,13 @@ int ncp_ioctl(struct inode *inode, struct file *filp, NCP_PACKET_SIZE)) != 0) { return result; } + bouncebuffer = kmalloc(NCP_PACKET_SIZE, GFP_NFS); + if (!bouncebuffer) + return -ENOMEM; + if (copy_from_user(bouncebuffer, request.data, request.size)) { + kfree(bouncebuffer); + return -EFAULT; + } ncp_lock_server(server); /* FIXME: We hack around in the server's structures @@ -80,17 +85,22 @@ int ncp_ioctl(struct inode *inode, struct file *filp, server->has_subfunction = 0; server->current_size = request.size; - copy_from_user(server->packet, request.data, request.size); - - ncp_request(server, request.function); - - DPRINTK(KERN_DEBUG "ncp_ioctl: copy %d bytes\n", - server->reply_size); - copy_to_user(request.data, server->packet, server->reply_size); - + memcpy(server->packet, bouncebuffer, request.size); + + result = ncp_request2(server, request.function, + bouncebuffer, NCP_PACKET_SIZE); + if (result < 0) + result = -EIO; + else + result = server->reply_size; ncp_unlock_server(server); - - return server->reply_size; + DPRINTK(KERN_DEBUG "ncp_ioctl: copy %d bytes\n", + result); + if (result >= 0) + if (copy_to_user(request.data, bouncebuffer, result)) + result = -EFAULT; + kfree(bouncebuffer); + return result; case NCP_IOC_CONN_LOGGED_IN: |