| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Sat, 24 Oct 2020 15:52:40 +0100
From: Alex Dewar <alex.dewar90@...il.com>
To: unlisted-recipients:; (no To-header on input)
Cc: Alex Dewar <alex.dewar90@...il.com>,
"J. Bruce Fields" <bfields@...ldses.org>,
Chuck Lever <chuck.lever@...cle.com>,
Trond Myklebust <trond.myklebust@...merspace.com>,
Anna Schumaker <anna.schumaker@...app.com>,
"David S. Miller" <davem@...emloft.net>,
Jakub Kicinski <kuba@...nel.org>,
Artur Molchanov <arturmolchanov@...il.com>,
linux-nfs@...r.kernel.org, netdev@...r.kernel.org,
linux-kernel@...r.kernel.org
Subject: [PATCH] net/sunrpc: Fix return value from proc_do_xprt()
Commit c09f56b8f68d ("net/sunrpc: Fix return value for sysctl
sunrpc.transports") attempted to add error checking for the call to
memory_read_from_buffer(), however its return value was assigned to a
size_t variable, so any negative values would be lost in the cast. Fix
this.
Addresses-Coverity-ID: 1498033: Control flow issues (NO_EFFECT)
Fixes: c09f56b8f68d ("net/sunrpc: Fix return value for sysctl sunrpc.transports")
Signed-off-by: Alex Dewar <alex.dewar90@...il.com>
---
net/sunrpc/sysctl.c | 7 +++++--
1 file changed, 5 insertions(+), 2 deletions(-)
diff --git a/net/sunrpc/sysctl.c b/net/sunrpc/sysctl.c
index a18b36b5422d..c95a2b84dd95 100644
--- a/net/sunrpc/sysctl.c
+++ b/net/sunrpc/sysctl.c
@@ -62,6 +62,7 @@ rpc_unregister_sysctl(void)
static int proc_do_xprt(struct ctl_table *table, int write,
void *buffer, size_t *lenp, loff_t *ppos)
{
+ ssize_t bytes_read;
char tmpbuf[256];
size_t len;
@@ -70,12 +71,14 @@ static int proc_do_xprt(struct ctl_table *table, int write,
return 0;
}
len = svc_print_xprts(tmpbuf, sizeof(tmpbuf));
- *lenp = memory_read_from_buffer(buffer, *lenp, ppos, tmpbuf, len);
+ bytes_read = memory_read_from_buffer(buffer, *lenp, ppos, tmpbuf, len);
- if (*lenp < 0) {
+ if (bytes_read < 0) {
*lenp = 0;
return -EINVAL;
}
+
+ *lenp = bytes_read;
return 0;
}
--
2.29.1
Powered by blists - more mailing lists