Skip to content

Commit

Permalink
NFSD: Correct the size calculation in fault_inject_write
Browse files Browse the repository at this point in the history 
If len == 0 we end up with size = (0 - 1), which could cause bad things
to happen in copy_from_user().

Signed-off-by: Bryan Schumaker <bjschuma@netapp.com>
Signed-off-by: J. Bruce Fields <bfields@redhat.com>
  • Loading branch information
Bryan Schumaker authored and J. Bruce Fields committed Dec 10, 2012
1 parent 0a5c33e commit 18d9a2c
Showing 1 changed file with 1 addition and 1 deletion.
2 changes: 1 addition & 1 deletion fs/nfsd/fault_inject.c
View file
Original file line number Diff line number Diff line change
Expand Up @@ -122,7 +122,7 @@ static ssize_t fault_inject_write(struct file *file, const char __user *buf,
size_t len, loff_t *ppos)
{
char write_buf[INET6_ADDRSTRLEN];
size_t size = min(sizeof(write_buf), len) - 1;
size_t size = min(sizeof(write_buf) - 1, len);
struct net *net = current->nsproxy->net_ns;
struct sockaddr_storage sa;
u64 val;
Expand Down

0 comments on commit 18d9a2c

Please sign in to comment.