> Ah thanks, that makes more sense. But, copy_to_user is only working on
> namelen bytes, and reclen is bigger than that. So, who is checking the
> value for the buf->current_dir pointer?
Look at the thing again. Especially at the place where reclen is calculated.
Notice the calls of put_user() before and after copy_to_user(). Add them
up. Round.
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
Please read the FAQ at http://www.tux.org/lkml/