From: Domen Puncer
Subject: [KJ] [patch] isdn: copy_from_user size fix in sc/ioctl.c
A few lines above the patch we have:
char *srec;
srec = kmalloc(SCIOC_SRECSIZE, GFP_KERNEL);
sizeof pointer is probably not meant here.
Signed-off-by: Domen Puncer
---
 ioctl.c | 4 ++--
 1 files changed, 2 insertions(+), 2 deletions(-)
Index: quilt/drivers/isdn/sc/ioctl.c
===================================================================
--- quilt.orig/drivers/isdn/sc/ioctl.c
+++ quilt/drivers/isdn/sc/ioctl.c
@@ -71,14 +71,14 @@ int sc_ioctl(int card, scs_ioctl *data)
 /*
 * Get the SRec from user space
 */
- if (copy_from_user(srec, data->dataptr, sizeof(srec))) {
+ if (copy_from_user(srec, data->dataptr, SCIOC_SRECSIZE)) {
 kfree(rcvmsg);
 kfree(srec);
 return -EFAULT;
 }
 status = send_and_receive(card, CMPID, cmReqType2, cmReqClass0, cmReqLoadProc,
- 0, sizeof(srec), srec, rcvmsg, SAR_TIMEOUT);
+ 0, SCIOC_SRECSIZE, srec, rcvmsg, SAR_TIMEOUT);
 kfree(rcvmsg);
 kfree(srec);
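Review bot: The second replacement, in the `send_and_receive(...)` call, raises the length handed to the callee from the size of a pointer to `SCIOC_SRECSIZE`, and nothing in the hunk shows that the callee bounds that length against its outgoing message buffer. That should be confirmed before merging, since the old code passed only pointer-size bytes and a missing bound would have gone unnoticed. The `copy_from_user` change itself matches the `kmalloc(SCIOC_SRECSIZE, GFP_KERNEL)` quoted in the description. Because that allocation sits outside the hunk, a short comment at the copy would keep the two sizes tied together, e.g. `/* srec is a SCIOC_SRECSIZE-byte kmalloc buffer; sizeof(srec) is only the pointer size */`. The body of sc_ioctl starts and ends outside the hunk.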