summaryrefslogtreecommitdiff
path: root/include
diff options
context:
space:
mode:
authorAnna Schumaker <Anna.Schumaker@Netapp.com>2023-09-15 22:46:08 +0300
committerAnna Schumaker <Anna.Schumaker@Netapp.com>2023-09-15 22:50:24 +0300
commitc656a4d5484ad99e97de549a9affc12a91d94963 (patch)
treee8ee9ac0549ca3b16478529f05d5a44fcb3600cf /include
parent4506f23e117161a20104c8fa04f33e1ca63c26af (diff)
downloadlinux-c656a4d5484ad99e97de549a9affc12a91d94963.tar.xz
Revert "SUNRPC: clean up integer overflow check"
This reverts commit e87cf8a28e7592bd19064e8181324ae26bc02932. This commit was added to silence a tautological comparison warning, but removing the 'len' value check before calling xdr_inline_decode() is really not what we want. Signed-off-by: Anna Schumaker <Anna.Schumaker@Netapp.com>
Diffstat (limited to 'include')
-rw-r--r--include/linux/sunrpc/xdr.h4
1 files changed, 3 insertions, 1 deletions
diff --git a/include/linux/sunrpc/xdr.h b/include/linux/sunrpc/xdr.h
index 5b4fb3c791bc..896a6d2a9cf0 100644
--- a/include/linux/sunrpc/xdr.h
+++ b/include/linux/sunrpc/xdr.h
@@ -779,7 +779,9 @@ xdr_stream_decode_uint32_array(struct xdr_stream *xdr,
if (unlikely(xdr_stream_decode_u32(xdr, &len) < 0))
return -EBADMSG;
- p = xdr_inline_decode(xdr, size_mul(len, sizeof(*p)));
+ if (len > SIZE_MAX / sizeof(*p))
+ return -EBADMSG;
+ p = xdr_inline_decode(xdr, len * sizeof(*p));
if (unlikely(!p))
return -EBADMSG;
if (array == NULL)