Re: [PATCH] nfs client, kernel 2.4.31: readlink result overflow

From: Valdis . Kletnieks
Date: Mon Sep 12 2005 - 15:54:23 EST

Next message: Andrew Morton: "Re: 2.6.13-mm3"
Previous message: Andrew Morton: "Re: [PATCH 2.6.13.1] Patch for invisible threads"
In reply to: Assar: "Re: [PATCH] nfs client, kernel 2.4.31: readlink result overflow"
Next in thread: Marcelo Tosatti: "Re: [PATCH] nfs client, kernel 2.4.31: readlink result overflow"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Mon, 12 Sep 2005 16:41:19 EDT, Assar said:
> Valdis.Kletnieks@xxxxxx writes:
> > > To my reading, the 2.6.13 code does not copy the 4 bytes of length to
> > > rcvbuf.
> >
> > Hmm... it still does this:
> > kaddr[len+rcvbuf->page_base] = '\0';
> > which still has a possible off-by-one? (Was that why you have -1 -4?)
>
> The check is different. 2.6.13 is using ">=" instead of ">", so hence
> I think that's fine.

Argh. Where's my reading glasses? ;) Yes, a >= check works there....

> + if (len > rcvbuf->page_len - sizeof(*strlen) - 1)
> + len = rcvbuf->page_len - sizeof(*strlen) - 1;

OK, looks saner to me, but Trond and Marcelo probably get to make the final decision ;)

Attachment: pgp00000.pgp
Description: PGP signature

Next message: Andrew Morton: "Re: 2.6.13-mm3"
Previous message: Andrew Morton: "Re: [PATCH 2.6.13.1] Patch for invisible threads"
In reply to: Assar: "Re: [PATCH] nfs client, kernel 2.4.31: readlink result overflow"
Next in thread: Marcelo Tosatti: "Re: [PATCH] nfs client, kernel 2.4.31: readlink result overflow"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]