ceph: fix length validation in parse_reply_info() (32852a81) · Commits · e / devices / android_kernel_xiaomi_markw

fs/ceph/mds_client.c

+2 −0

Original line number	Diff line number	Diff line
		@@ -262,6 +262,7 @@ static int parse_reply_info(struct ceph_msg *msg,
		/* trace */
		ceph_decode_32_safe(&p, end, len, bad);
		if (len > 0) {
		ceph_decode_need(&p, end, len, bad);
		err = parse_reply_info_trace(&p, p+len, info, features);
		if (err < 0)
		goto out_bad;
		@@ -270,6 +271,7 @@ static int parse_reply_info(struct ceph_msg *msg,
		/* extra */
		ceph_decode_32_safe(&p, end, len, bad);
		if (len > 0) {
		ceph_decode_need(&p, end, len, bad);
		err = parse_reply_info_extra(&p, p+len, info, features);
		if (err < 0)
		goto out_bad;