Piteball/android_kernel_google_msm
1
0
Fork 0
mirror of https://github.com/followmsi/android_kernel_google_msm.git synced 2024-11-06 23:17:41 +00:00
Code Issues Projects Releases Wiki Activity

SUNRPC: Prevent length underflow in read_flush()

Browse source 
Make sure we compare an unsigned length to an unsigned count in
read_flush().

Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
Signed-off-by: J. Bruce Fields <bfields@citi.umich.edu>
This commit is contained in:
Chuck Lever 2007-10-26 13:31:20 -04:00 committed by J. Bruce Fields
parent d4395e03fe
commit 01b2969a85
1 changed files with 5 additions and 5 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

10
net/sunrpc/cache.c
View file

@ -1244,18 +1244,18 @@ static ssize_t read_flush(struct file *file, char __user *buf,
struct cache_detail *cd = PDE(file->f_path.dentry->d_inode)->data;
char tbuf[20];
unsigned long p = *ppos;
int len;
size_t len;
sprintf(tbuf, "%lu\n", cd->flush_time);
len = strlen(tbuf);
if (p >= len)
return 0;
len -= p;
if (len > count) len = count;
if (len > count)
len = count;
if (copy_to_user(buf, (void*)(tbuf+p), len))
len = -EFAULT;
else
*ppos += len;
return -EFAULT;
*ppos += len;
return len;
}