| From 6d8d17499810479eabd10731179c04b2ca22152f Mon Sep 17 00:00:00 2001 |
| From: Dan Carpenter <dan.carpenter@oracle.com> |
| Date: Wed, 18 Jan 2012 12:56:02 +0300 |
| Subject: nfsd: don't allow zero length strings in cache_parse() |
| |
| From: Dan Carpenter <dan.carpenter@oracle.com> |
| |
| commit 6d8d17499810479eabd10731179c04b2ca22152f upstream. |
| |
| There is no point in passing a zero length string here and quite a |
| few of that cache_parse() implementations will Oops if count is |
| zero. |
| |
| Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com> |
| Signed-off-by: J. Bruce Fields <bfields@redhat.com> |
| Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
| |
| --- |
| net/sunrpc/cache.c | 2 ++ |
| 1 file changed, 2 insertions(+) |
| |
| --- a/net/sunrpc/cache.c |
| +++ b/net/sunrpc/cache.c |
| @@ -828,6 +828,8 @@ static ssize_t cache_do_downcall(char *k |
| { |
| ssize_t ret; |
| |
| + if (count == 0) |
| + return -EINVAL; |
| if (copy_from_user(kaddr, buf, count)) |
| return -EFAULT; |
| kaddr[count] = '\0'; |