Commit 18d9a2ca authored by Bryan Schumaker's avatar Bryan Schumaker Committed by J. Bruce Fields

NFSD: Correct the size calculation in fault_inject_write

If len == 0 we end up with size = (0 - 1), which could cause bad things
to happen in copy_from_user().
Signed-off-by: default avatarBryan Schumaker <bjschuma@netapp.com>
Signed-off-by: default avatarJ. Bruce Fields <bfields@redhat.com>
parent 0a5c33e2
...@@ -122,7 +122,7 @@ static ssize_t fault_inject_write(struct file *file, const char __user *buf, ...@@ -122,7 +122,7 @@ static ssize_t fault_inject_write(struct file *file, const char __user *buf,
size_t len, loff_t *ppos) size_t len, loff_t *ppos)
{ {
char write_buf[INET6_ADDRSTRLEN]; char write_buf[INET6_ADDRSTRLEN];
size_t size = min(sizeof(write_buf), len) - 1; size_t size = min(sizeof(write_buf) - 1, len);
struct net *net = current->nsproxy->net_ns; struct net *net = current->nsproxy->net_ns;
struct sockaddr_storage sa; struct sockaddr_storage sa;
u64 val; u64 val;
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment