NFSD: Correct the size calculation in fault_inject_write

If len == 0 we end up with size = (0 - 1), which could cause bad things to happen in copy_from_user(). Signed-off-by: N Bryan Schumaker <bjschuma@netapp.com> Signed-off-by: N J. Bruce Fields <bfields@redhat.com>

NFSD: Correct the size calculation in fault_inject_write
If len == 0 we end up with size = (0 - 1), which could cause bad things to happen in copy_from_user(). Signed-off-by: N Bryan Schumaker <bjschuma@netapp.com> Signed-off-by: N J. Bruce Fields <bfields@redhat.com>
18d9a2ca · Bryan Schumaker · J. Bruce Fields · 0a5c33e2 · 18d9a2ca
隐藏空白更改
内联并排

Showing with 1 addition and 1 deletion

fs/nfsd/fault_inject.c fs/nfsd/fault_inject.c +1 -1

未找到文件。
--- a/fs/nfsd/fault_inject.c
+++ b/fs/nfsd/fault_inject.c
@@ -122,7 +122,7 @@ static ssize_t fault_inject_write(struct file *file, const char __user *buf,
 				  size_t len, loff_t *ppos)
 {
 	char write_buf[INET6_ADDRSTRLEN];
-	size_t size = min(sizeof(write_buf), len) - 1;
+	size_t size = min(sizeof(write_buf) - 1, len);
 	struct net *net = current->nsproxy->net_ns;
 	struct sockaddr_storage sa;
 	u64 val;