[PATCH] btrfs: Do not return more items that user asked from from search ioctl

Jan Kara Fri, 20 Aug 2010 14:47:30 -0700

While searching a tree we didn't properly check number of items we really
stored in user's buffer thus possibly exceeding number of items requested
by user. This was mostly harmless since actual buffer overflow is checked
correctly in a different place. Anyway, let's fix the check.


Signed-off-by: Jan Kara <j...@suse.cz>
---
 fs/btrfs/ioctl.c |    2 +-
 1 files changed, 1 insertions(+), 1 deletions(-)

diff --git a/fs/btrfs/ioctl.c b/fs/btrfs/ioctl.c
index 9254b3d..94e7ab5 100644
--- a/fs/btrfs/ioctl.c
+++ b/fs/btrfs/ioctl.c
@@ -977,7 +977,7 @@ static noinline int copy_to_sk(struct btrfs_root *root,
                }
                found++;
 
-               if (*num_found >= sk->nr_items)
+               if (*num_found + found >= sk->nr_items)
                        break;
        }
 advance_key:
-- 
1.6.4.2

--
To unsubscribe from this list: send the line "unsubscribe linux-btrfs" in
the body of a message to majord...@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

[PATCH] btrfs: Do not return more items that user asked from from search ioctl

Reply via email to