Home Explore Help
Register Sign In
phyus
/
linux-vybrid_public
8
0
Fork 0
Files Issues 0 Pull Requests 0 Wiki
Browse Source

NFSD: Correct the size calculation in fault_inject_write

If len == 0 we end up with size = (0 - 1), which could cause bad things
to happen in copy_from_user().

Signed-off-by: Bryan Schumaker <bjschuma@netapp.com>
Signed-off-by: J. Bruce Fields <bfields@redhat.com>
Bryan Schumaker 12 years ago
parent
0a5c33e23c
commit
18d9a2ca2e
1 changed files with 1 additions and 1 deletions
Split View Show Diff Stats
  1. 1 1
      fs/nfsd/fault_inject.c

+ 1 - 1
fs/nfsd/fault_inject.c
View File 

@@ -122,7 +122,7 @@ static ssize_t fault_inject_write(struct file *file, const char __user *buf,
 
 				  size_t len, loff_t *ppos)
 
 {
 
 	char write_buf[INET6_ADDRSTRLEN];
 
-	size_t size = min(sizeof(write_buf), len) - 1;
 
+	size_t size = min(sizeof(write_buf) - 1, len);
 
 	struct net *net = current->nsproxy->net_ns;
 
 	struct sockaddr_storage sa;
 
 	u64 val;