[PATCH] knfsd: Fix some minor sign problems in nfsd/xdr There are a couple of tests which could possibly be confused by extremely large numbers appearing in 'xdr' packets. I think the closest to an exploit you could get would be writing random data from a free page into a file - i.e. leak data out of kernel space. I'm fairly sure they cannot be used for remote compromise. Signed-off-by: Neil Brown <neilb@suse.de> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>

commit: 0ba7536d5d47e4ecf2259a80b207158dc4e711eb [log] [tgz]
author: NeilBrown <neilb@cse.unsw.edu.au> Mon Nov 07 01:00:26 2005 -0800
committer: Linus Torvalds <torvalds@g5.osdl.org> Mon Nov 07 07:53:48 2005 -0800
tree: 0e8528e65f25b9992cfad43e74018a0986f46c38
parent: 70c3b76c28b012452d63bb27f6d0517afb05d86f [diff] [blame]
diff --git a/include/linux/sunrpc/svc.h b/include/linux/sunrpc/svc.h
index 5af8800..e4086ec 100644
--- a/include/linux/sunrpc/svc.h
+++ b/include/linux/sunrpc/svc.h

@@ -171,7 +171,8 @@
 {
 	char *cp = (char *)p;
 	struct kvec *vec = &rqstp->rq_arg.head[0];
-	return cp - (char*)vec->iov_base <= vec->iov_len;
+	return cp >= (char*)vec->iov_base
+		&& cp <= (char*)vec->iov_base + vec->iov_len;
 }
 
 static inline int
commit	0ba7536d5d47e4ecf2259a80b207158dc4e711eb	[log] [tgz]
author	NeilBrown <neilb@cse.unsw.edu.au>	Mon Nov 07 01:00:26 2005 -0800
committer	Linus Torvalds <torvalds@g5.osdl.org>	Mon Nov 07 07:53:48 2005 -0800
tree	0e8528e65f25b9992cfad43e74018a0986f46c38
parent	70c3b76c28b012452d63bb27f6d0517afb05d86f [diff] [blame]