From: David van Moolenbroek <david@minix3.org>
Date: Tue, 22 Oct 2013 14:00:02 +0000 (+0000)
Subject: libbdev: fix IOCTL grant access bug
X-Git-Tag: v3.3.0~738
X-Git-Url: http://zhaoyanbai.com/repos/cppcheck.log?a=commitdiff_plain;h=refs%2Fchanges%2F58%2F1058%2F1;p=minix.git

libbdev: fix IOCTL grant access bug

Reported by Coverity.

Change-Id: I34983312bebd9bf2449412b7dfa691ed208867ea
---

diff --git a/lib/libbdev/bdev.c b/lib/libbdev/bdev.c
index b950368f5..f8eafb9c9 100644
--- a/lib/libbdev/bdev.c
+++ b/lib/libbdev/bdev.c
@@ -323,8 +323,8 @@ static int bdev_ioctl_setup(dev_t dev, int request, void *buf, message *m)
 	size = _MINIX_IOCTL_SIZE(request);
 
   access = 0;
-  if (_MINIX_IOCTL_IOR(access)) access |= CPF_WRITE;
-  if (_MINIX_IOCTL_IOW(access)) access |= CPF_READ;
+  if (_MINIX_IOCTL_IOR(request)) access |= CPF_WRITE;
+  if (_MINIX_IOCTL_IOW(request)) access |= CPF_READ;
 
   /* The size may be 0, in which case 'buf' need not be a valid pointer. */
   grant = cpf_grant_direct(endpt, (vir_bytes) buf, size, access);