diff mbox

[2/2] NFSD: Correct the size calculation in fault_inject_write

Message ID 1354915049-6892-2-git-send-email-bjschuma@netapp.com (mailing list archive)
State New, archived
Headers show

Commit Message

Bryan Schumaker Dec. 7, 2012, 9:17 p.m. UTC 
From: Bryan Schumaker <bjschuma@netapp.com>

If len == 0 we end up with size = (0 - 1), which could cause bad things
to happen in copy_from_user().

Signed-off-by: Bryan Schumaker <bjschuma@netapp.com>
---
 fs/nfsd/fault_inject.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff mbox

Patch

diff --git a/fs/nfsd/fault_inject.c b/fs/nfsd/fault_inject.c
index 7a7b079..e761ee9 100644
--- a/fs/nfsd/fault_inject.c
+++ b/fs/nfsd/fault_inject.c
@@ -122,7 +122,7 @@  static ssize_t fault_inject_write(struct file *file, const char __user *buf,
 				  size_t len, loff_t *ppos)
 {
 	char write_buf[INET6_ADDRSTRLEN];
-	size_t size = min(sizeof(write_buf), len) - 1;
+	size_t size = min(sizeof(write_buf) - 1, len);
 	struct net *net = current->nsproxy->net_ns;
 	struct sockaddr_storage sa;
 	u64 val;