]> err.no Git - linux-2.6/commit
nfsd: Fix handling of negative lengths in read_buf()
authorJ. Bruce Fields <bfields@citi.umich.edu>
Sun, 11 Nov 2007 20:43:12 +0000 (15:43 -0500)
committerJ. Bruce Fields <bfields@citi.umich.edu>
Fri, 1 Feb 2008 21:42:03 +0000 (16:42 -0500)
commitca2a05aa7c72309ee65164c78fa2be7a5038215e
treef362d7c14652dfea0d93508007f8fc87d10d6980
parenta490c681cbcf65d548138c377bb691c85824d323
nfsd: Fix handling of negative lengths in read_buf()

The length "nbytes" passed into read_buf should never be negative, but
we check only for too-large values of "nbytes", not for too-small
values.  Make nbytes unsigned, so it's clear that the former tests are
sufficient.  (Despite this read_buf() currently correctly returns an xdr
error in the case of a negative length, thanks to an unsigned
comparison with size_of() and bounds-checking in kmalloc().  This seems
very fragile, though.)

Signed-off-by: J. Bruce Fields <bfields@citi.umich.edu>
fs/nfsd/nfs4xdr.c