NFSD: Correct the size calculation in fault_inject_write
If len == 0 we end up with size = (0 - 1), which could cause bad things to happen in copy_from_user(). Signed-off-by: Bryan Schumaker <bjschuma@netapp.com> Signed-off-by: J. Bruce Fields <bfields@redhat.com>
This commit is contained in:
Bryan Schumaker
J. Bruce Fields
Родитель
0a5c33e23c
Коммит
18d9a2ca2e
|
|
@ -122,7 +122,7 @@ static ssize_t fault_inject_write(struct file *file, const char __user *buf,
|
||||||
size_t len, loff_t *ppos)
|
size_t len, loff_t *ppos)
|
||||||
{
|
{
|
||||||
char write_buf[INET6_ADDRSTRLEN];
|
char write_buf[INET6_ADDRSTRLEN];
|
||||||
size_t size = min(sizeof(write_buf), len) - 1;
|
size_t size = min(sizeof(write_buf) - 1, len);
|
||||||
struct net *net = current->nsproxy->net_ns;
|
struct net *net = current->nsproxy->net_ns;
|
||||||
struct sockaddr_storage sa;
|
struct sockaddr_storage sa;
|
||||||
u64 val;
|
u64 val;
|
||||||
|
|
|
||||||
Загрузка…
Ссылка в новой задаче