Staging: bcm: copying more data than intended
author Dan Carpenter <dan.carpenter@oracle.com>
Wed, 9 Jan 2013 07:09:19 +0000 (10:09 +0300)
committer Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Thu, 17 Jan 2013 21:52:37 +0000 (13:52 -0800)
This was changed to bcm_flash2x_cs_info instead of bcm_flash_cs_info
when we got rid of the typedefs.  bcm_flash2x_cs_info is quite a bit
larger than bcm_flash_cs_info (436 bytes instead of 96) so it would
corrupt user memory and it's an info leak.

Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
drivers/staging/bcm/Bcmchar.c

index 4ba1a5d..491e2bf 100644 (file)
@@ -1792,7 +1792,7 @@ cntrlEnd:
                        if (IoBuffer.OutputLength < sizeof(struct bcm_flash_cs_info))
                                return -EINVAL;
 
-                       if (copy_to_user(IoBuffer.OutputBuffer, Adapter->psFlashCSInfo, sizeof(struct bcm_flash2x_cs_info)))
+                       if (copy_to_user(IoBuffer.OutputBuffer, Adapter->psFlashCSInfo, sizeof(struct bcm_flash_cs_info)))
                                return -EFAULT;
                }
        }
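
Review bot: the IoBuffer.OutputLength check at the top of this hunk and the copy_to_user() length are still two separately written sizeof(struct ...) expressions, which is how the bound and the copy size came to disagree. Consider computing the size once and using it in both places, for example sizeof(*Adapter->psFlashCSInfo) if that pointer is declared as struct bcm_flash_cs_info * (its declaration is not visible in this hunk, so that needs confirming), so a later type rename cannot make the copy larger than the length that was validated. The sibling path that copies struct bcm_flash2x_cs_info is outside this hunk and is worth checking for the same pairing of check and copy size.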