[PATCH] fs: nfs: Fix readlink max size check

Sascha Hauer s.hauer at pengutronix.de
Tue May 11 01:53:04 PDT 2021

We must at maximum use all remaining bytes from the packet. This means
we have to set length to the *minimum* of the desired length and the
remaining bytes, not the *maximum*.
/me goes hiding somewhere...

Fixes: 574ce99401 ("fs: nfs: Fix possible buffer overflow")
Signed-off-by: Sascha Hauer <s.hauer at pengutronix.de>
 fs/nfs.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/fs/nfs.c b/fs/nfs.c
index c281a2ba75..1130632eb3 100644
--- a/fs/nfs.c
+++ b/fs/nfs.c
@@ -1125,7 +1125,7 @@ static int nfs_readlink_req(struct nfs_priv *npriv, struct nfs_fh *fh,
 	len = ntoh32(net_read_uint32(p)); /* new path length */
-	len = max_t(unsigned int, len,
+	len = min_t(unsigned int, len,
 		    nfs_packet->len - sizeof(struct rpc_reply) - sizeof(uint32_t));

More information about the barebox mailing list