Flow spec length don't depend on the size of the command header: they are part of different layers.
Signed-off-by: Yann Droneaud <ydrone...@opteya.com> Link: http://marc.info/?i=cover.1381510045.git.ydrone...@opteya.com Link: http://mid.gmane.org/cover.1381510045.git.ydrone...@opteya.com --- drivers/infiniband/core/uverbs_cmd.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/drivers/infiniband/core/uverbs_cmd.c b/drivers/infiniband/core/uverbs_cmd.c index 3b732f6..1e5f0dd 100644 --- a/drivers/infiniband/core/uverbs_cmd.c +++ b/drivers/infiniband/core/uverbs_cmd.c @@ -2671,8 +2671,8 @@ ssize_t ib_uverbs_create_flow(struct ib_uverbs_file *file, if (cmd.flow_attr.num_of_specs > IB_FLOW_SPEC_SUPPORT_LAYERS) return -EINVAL; - if (cmd.flow_attr.size > (in_len - sizeof(cmd) - sizeof(struct - ib_uverbs_cmd_hdr_ex)) || cmd.flow_attr.size > + if (cmd.flow_attr.size > (in_len - sizeof(cmd)) || + cmd.flow_attr.size > (cmd.flow_attr.num_of_specs * sizeof(struct ib_kern_spec))) return -EINVAL; -- 1.8.3.1 -- To unsubscribe from this list: send the line "unsubscribe linux-rdma" in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
