Re: [patch] nfsd: don't allow zero length strings in cache_parse()

From: J. Bruce Fields
Date: Wed Jan 18 2012 - 17:41:14 EST


On Wed, Jan 18, 2012 at 12:56:02PM +0300, Dan Carpenter wrote:
> There is no point in passing a zero length string here and quite a
> few of that cache_parse() implementations will Oops if count is
> zero.

Thanks, I'll apply.

Could we clean up any checks in cache_parse() that are unnecessary now?

--b.

>
> Signed-off-by: Dan Carpenter <dan.carpenter@xxxxxxxxxx>
>
> diff --git a/net/sunrpc/cache.c b/net/sunrpc/cache.c
> index 465df9a..8c6598e 100644
> --- a/net/sunrpc/cache.c
> +++ b/net/sunrpc/cache.c
> @@ -828,6 +828,8 @@ static ssize_t cache_do_downcall(char *kaddr, const char __user *buf,
> {
> ssize_t ret;
>
> + if (count == 0)
> + return -EINVAL;
> if (copy_from_user(kaddr, buf, count))
> return -EFAULT;
> kaddr[count] = '\0';


--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/