diff options
author | Anna Schumaker <Anna.Schumaker@Netapp.com> | 2023-09-15 22:46:08 +0300 |
---|---|---|
committer | Anna Schumaker <Anna.Schumaker@Netapp.com> | 2023-09-15 22:50:24 +0300 |
commit | c656a4d5484ad99e97de549a9affc12a91d94963 (patch) | |
tree | e8ee9ac0549ca3b16478529f05d5a44fcb3600cf /include | |
parent | 4506f23e117161a20104c8fa04f33e1ca63c26af (diff) | |
download | linux-c656a4d5484ad99e97de549a9affc12a91d94963.tar.xz |
Revert "SUNRPC: clean up integer overflow check"
This reverts commit e87cf8a28e7592bd19064e8181324ae26bc02932.
This commit was added to silence a tautological comparison warning, but
removing the 'len' value check before calling xdr_inline_decode() is
really not what we want.
Signed-off-by: Anna Schumaker <Anna.Schumaker@Netapp.com>
Diffstat (limited to 'include')
-rw-r--r-- | include/linux/sunrpc/xdr.h | 4 |
1 files changed, 3 insertions, 1 deletions
diff --git a/include/linux/sunrpc/xdr.h b/include/linux/sunrpc/xdr.h index 5b4fb3c791bc..896a6d2a9cf0 100644 --- a/include/linux/sunrpc/xdr.h +++ b/include/linux/sunrpc/xdr.h @@ -779,7 +779,9 @@ xdr_stream_decode_uint32_array(struct xdr_stream *xdr, if (unlikely(xdr_stream_decode_u32(xdr, &len) < 0)) return -EBADMSG; - p = xdr_inline_decode(xdr, size_mul(len, sizeof(*p))); + if (len > SIZE_MAX / sizeof(*p)) + return -EBADMSG; + p = xdr_inline_decode(xdr, len * sizeof(*p)); if (unlikely(!p)) return -EBADMSG; if (array == NULL) |