authorLinus Torvalds <torvalds@linux-foundation.org>2017-06-01 16:24:48 -0700
committerLinus Torvalds <torvalds@linux-foundation.org>2017-06-01 16:24:48 -0700
commit3b1e342be265f7df915c68c7c6e450956d8865aa (patch)
tree5f7aa93a21752325d12bc2beba3931060dfeace3 /include
parent2f48641cfc83c3e1fdc81204382e05edf182691a (diff)
parent9a307403d374b993061f5992a6e260c944920d0b (diff)
Merge tag 'nfsd-4.12-1' of git://linux-nfs.org/~bfields/linux
Pull nfsd fixes from Bruce Fields:
 "Revert patch accidentally included in the merge window pull request,
  and fix a crash that was likely a result of buggy client behavior"

* tag 'nfsd-4.12-1' of git://linux-nfs.org/~bfields/linux:
  nfsd4: fix null dereference on replay
  nfsd: Revert "nfsd: check for oversized NFSv2/v3 arguments"
Diffstat (limited to 'include')
-rw-r--r--include/linux/sunrpc/svc.h3
1 files changed, 2 insertions, 1 deletions
diff --git a/include/linux/sunrpc/svc.h b/include/linux/sunrpc/svc.h
index 94631026f79c..11cef5a7bc87 100644
--- a/include/linux/sunrpc/svc.h
+++ b/include/linux/sunrpc/svc.h
@@ -336,7 +336,8 @@ xdr_argsize_check(struct svc_rqst *rqstp, __be32 *p)
 {
 	char *cp = (char *)p;
 	struct kvec *vec = &rqstp->rq_arg.head[0];
-	return cp == (char *)vec->iov_base + vec->iov_len;
+	return cp >= (char*)vec->iov_base
+		&& cp <= (char*)vec->iov_base + vec->iov_len;
 }
 
 static inline int
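Review bot: The restored test in xdr_argsize_check only confirms that the decode pointer lies somewhere inside `rqstp->rq_arg.head[0]`, so a request with undecoded bytes after the last argument still passes, and the helper says nothing to warn callers of that. Since the merge text describes this as a revert of the stricter oversized-argument check, the looser contract should be written down at the function, for example `/* Only checks that p is within head[0] (end inclusive); does not reject trailing bytes in the head. */`. Anything held outside head[0] appears to be unchecked here as well, so callers that need an exact-length guarantee must enforce it themselves. As a style point, the new lines write the cast as `(char*)` while the unchanged line above uses `(char *)p`; `(char *)vec->iov_base` would match. The function's return type and the start of its signature are outside the hunk.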