[PATCH] fs: nfs: Fix readlink max size check

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



We must at maximum use all remaining bytes from the packet. This means
we have to set length to the *minimum* of the desired length and the
remaining bytes, not the *maximum*.
/me goes hiding somewhere...

Fixes: 574ce99401 ("fs: nfs: Fix possible buffer overflow")
Signed-off-by: Sascha Hauer <s.hauer@xxxxxxxxxxxxxx>
---
 fs/nfs.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/fs/nfs.c b/fs/nfs.c
index c281a2ba75..1130632eb3 100644
--- a/fs/nfs.c
+++ b/fs/nfs.c
@@ -1125,7 +1125,7 @@ static int nfs_readlink_req(struct nfs_priv *npriv, struct nfs_fh *fh,
 
 	len = ntoh32(net_read_uint32(p)); /* new path length */
 
-	len = max_t(unsigned int, len,
+	len = min_t(unsigned int, len,
 		    nfs_packet->len - sizeof(struct rpc_reply) - sizeof(uint32_t));
 
 	p++;
-- 
2.29.2


_______________________________________________
barebox mailing list
barebox@xxxxxxxxxxxxxxxxxxx
http://lists.infradead.org/mailman/listinfo/barebox



[Index of Archives]     [Linux Embedded]     [Linux USB Devel]     [Linux Audio Users]     [Yosemite News]     [Linux Kernel]     [Linux SCSI]     [XFree86]

  Powered by Linux