Thus, we don't leak any trailing bytes that may be in the name buffer.
unsigned int cmd, unsigned long arg)
{
struct elmcan *elm = get_elm(tty);
+ unsigned int tmp;
if (!elm)
return -EINVAL;
switch (cmd) {
case SIOCGIFNAME:
- if (copy_to_user((void __user *)arg, elm->dev->name, IFNAMSIZ)) {
+ tmp = strnlen(elm->dev->name, IFNAMSIZ - 1) + 1;
+ if (copy_to_user((void __user *)arg, elm->dev->name, tmp)) {
put_elm(elm);
return -EFAULT;
}