diff options
author | Latchesar Ionkov <lucho@ionkov.net> | 2005-09-23 06:43:50 +0200 |
---|---|---|
committer | Linus Torvalds <torvalds@g5.osdl.org> | 2005-09-23 07:17:33 +0200 |
commit | 5b067676234715051cbde87083c36c8ea83f77b8 (patch) | |
tree | e6552ebec3b3cc18fad03d7e60feef80a0abe19e /fs/9p | |
parent | [PATCH] v9fs: make conv functions to check for conv buffer overflow (diff) | |
download | linux-5b067676234715051cbde87083c36c8ea83f77b8.tar.xz linux-5b067676234715051cbde87083c36c8ea83f77b8.zip |
[PATCH] v9fs: allocate the Rwalk qid array from the right conv buffer
When v9fs_deserealize_fcall deserializes a Rwalk message, it incorrectly
allocates space for the qid array in the source instead of the destination
buffer.
Signed-off-by: Latchesar Ionkov <lucho@ionkov.net>
Cc: Eric Van Hensbergen <ericvh@gmail.com>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
Diffstat (limited to 'fs/9p')
-rw-r--r-- | fs/9p/conv.c | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/fs/9p/conv.c b/fs/9p/conv.c index ac2241db2493..18121af99d3e 100644 --- a/fs/9p/conv.c +++ b/fs/9p/conv.c @@ -651,7 +651,7 @@ v9fs_deserialize_fcall(struct v9fs_session_info *v9ses, u32 msgsize, break; case RWALK: rcall->params.rwalk.nwqid = buf_get_int16(bufp); - rcall->params.rwalk.wqids = buf_alloc(bufp, + rcall->params.rwalk.wqids = buf_alloc(dbufp, rcall->params.rwalk.nwqid * sizeof(struct v9fs_qid)); if (rcall->params.rwalk.wqids) for (i = 0; i < rcall->params.rwalk.nwqid; i++) { |