SUNRPC: Prevent length underflow in read_flush()

Make sure we compare an unsigned length to an unsigned count in read_flush(). Signed-off-by: Chuck Lever <chuck.lever@oracle.com> Signed-off-by: J. Bruce Fields <bfields@citi.umich.edu>

SUNRPC: Prevent length underflow in read_flush()
Make sure we compare an unsigned length to an unsigned count in read_flush(). Signed-off-by: Chuck Lever <chuck.lever@oracle.com> Signed-off-by: J. Bruce Fields <bfields@citi.umich.edu>
01b2969a · Chuck Lever · J. Bruce Fields · d4395e03 · 01b2969a
Commit 01b2969a authored Oct 26, 2007 by Chuck Lever Committed by J. Bruce Fields Feb 01, 2008
Hide whitespace changes
Inline Side-by-side

Showing with 5 additions and 5 deletions

net/sunrpc/cache.c net/sunrpc/cache.c +5 -5

No files found.
--- a/net/sunrpc/cache.c
+++ b/net/sunrpc/cache.c
@@ -1244,18 +1244,18 @@ static ssize_t read_flush(struct file *file, char __user *buf,
 	struct cache_detail *cd = PDE(file->f_path.dentry->d_inode)->data;
 	char tbuf[20];
 	unsigned long p = *ppos;
-	int len;
+	size_t len;
 	sprintf(tbuf, "%lu\n", cd->flush_time);
 	len = strlen(tbuf);
 	if (p >= len)
 		return 0;
 	len -= p;
-	if (len > count) len = count;
+	if (len > count)
+		len = count;
 	if (copy_to_user(buf, (void*)(tbuf+p), len))
-		len = -EFAULT;
+		return -EFAULT;
-	else
+	*ppos += len;
-		*ppos += len;
 	return len;
 }