From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1758499Ab2JAXXX (ORCPT ); Mon, 1 Oct 2012 19:23:23 -0400 Received: from 1wt.eu ([62.212.114.60]:35350 "EHLO 1wt.eu" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S932904Ab2JAXBW (ORCPT ); Mon, 1 Oct 2012 19:01:22 -0400 Message-Id: <20121001225200.363096738@1wt.eu> User-Agent: quilt/0.48-1 Date: Tue, 02 Oct 2012 00:53:02 +0200 From: Willy Tarreau To: linux-kernel@vger.kernel.org, stable@vger.kernel.org Cc: Dan Carpenter , "J. Bruce Fields" , Greg Kroah-Hartman , Willy Tarreau Subject: [ 065/180] nfsd: dont allow zero length strings in cache_parse() In-Reply-To: <6a854f579a99b4fe2efaca1057e8ae22@local> Sender: linux-kernel-owner@vger.kernel.org List-ID: X-Mailing-List: linux-kernel@vger.kernel.org 2.6.32-longterm review patch. If anyone has any objections, please let me know. ------------------ From: Dan Carpenter commit 6d8d17499810479eabd10731179c04b2ca22152f upstream. There is no point in passing a zero length string here and quite a few of that cache_parse() implementations will Oops if count is zero. Signed-off-by: Dan Carpenter Signed-off-by: J. Bruce Fields Signed-off-by: Greg Kroah-Hartman Signed-off-by: Willy Tarreau --- net/sunrpc/cache.c | 2 ++ 1 files changed, 2 insertions(+), 0 deletions(-) diff --git a/net/sunrpc/cache.c b/net/sunrpc/cache.c index 25f7801..e3fea46 100644 --- a/net/sunrpc/cache.c +++ b/net/sunrpc/cache.c @@ -719,6 +719,8 @@ static ssize_t cache_do_downcall(char *kaddr, const char __user *buf, { ssize_t ret; + if (count == 0) + return -EINVAL; if (copy_from_user(kaddr, buf, count)) return -EFAULT; kaddr[count] = '\0'; -- 1.7.2.1.45.g54fbc