From: J. Bruce Fields <bfields@citi.umich.edu>
Date: Sun, 11 Nov 2007 20:43:12 +0000 (-0500)
Subject: nfsd: Fix handling of negative lengths in read_buf()
X-Git-Tag: v2.6.25-rc1~1072^2~85
X-Git-Url: http://git.openpandora.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=ca2a05aa7c72309ee65164c78fa2be7a5038215e;p=pandora-kernel.git

nfsd: Fix handling of negative lengths in read_buf()

The length "nbytes" passed into read_buf should never be negative, but
we check only for too-large values of "nbytes", not for too-small
values.  Make nbytes unsigned, so it's clear that the former tests are
sufficient.  (Despite this read_buf() currently correctly returns an xdr
error in the case of a negative length, thanks to an unsigned
comparison with size_of() and bounds-checking in kmalloc().  This seems
very fragile, though.)

Signed-off-by: J. Bruce Fields <bfields@citi.umich.edu>
---

Reading git-diff-tree failed