NFS: Fix a buffer overflow in the allocation of struct nfs_read/writedata Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>

commit: 8d5658c949e6d89edc579a1f112aeee3bc232a8e [log] [tgz]
author: Trond Myklebust <Trond.Myklebust@netapp.com> Tue Apr 10 09:26:35 2007 -0400
committer: Trond Myklebust <Trond.Myklebust@netapp.com> Mon Apr 30 22:17:07 2007 -0700
tree: f206d3f6809eeb0ca23c1999cf79aa294968b113
parent: c63c7b051395368573779c8309aa5c990dcf2f96 [diff] [blame]
diff --git a/fs/nfs/direct.c b/fs/nfs/direct.c
index 2877744c..889de60 100644
--- a/fs/nfs/direct.c
+++ b/fs/nfs/direct.c

@@ -54,6 +54,7 @@
 #include <asm/uaccess.h>
 #include <asm/atomic.h>
 
+#include "internal.h"
 #include "iostat.h"
 
 #define NFSDBG_FACILITY		NFSDBG_VFS
@@ -271,7 +272,7 @@
 		bytes = min(rsize,count);
 
 		result = -ENOMEM;
-		data = nfs_readdata_alloc(pgbase + bytes);
+		data = nfs_readdata_alloc(nfs_page_array_len(pgbase, bytes));
 		if (unlikely(!data))
 			break;
 
@@ -602,7 +603,7 @@
 		bytes = min(wsize,count);
 
 		result = -ENOMEM;
-		data = nfs_writedata_alloc(pgbase + bytes);
+		data = nfs_writedata_alloc(nfs_page_array_len(pgbase, bytes));
 		if (unlikely(!data))
 			break;
commit	8d5658c949e6d89edc579a1f112aeee3bc232a8e	[log] [tgz]
author	Trond Myklebust <Trond.Myklebust@netapp.com>	Tue Apr 10 09:26:35 2007 -0400
committer	Trond Myklebust <Trond.Myklebust@netapp.com>	Mon Apr 30 22:17:07 2007 -0700
tree	f206d3f6809eeb0ca23c1999cf79aa294968b113
parent	c63c7b051395368573779c8309aa5c990dcf2f96 [diff] [blame]