author Sascha Hauer <s.hauer@pengutronix.de> 2021-05-11 10:49:26 +0200
committer Sascha Hauer <s.hauer@pengutronix.de> 2021-05-12 07:31:48 +0200
commit ce0103c4d585a41d7e158e8d211502910752bfd9 (patch)
tree 5a50f2801fb3aa78396f5b6be5f6bce9bed09854 /fs
parent b1d6710dce6f2f5b7dff4d6f127a75acad8da9af (diff)
fs: nfs: Fix readlink max size check
We must at maximum use all remaining bytes from the packet. This means we
have to set length to the *minimum* of the desired length and the remaining
bytes, not the *maximum*.

/me goes hiding somewhere...

Fixes: 574ce99401 ("fs: nfs: Fix possible buffer overflow")
Signed-off-by: Sascha Hauer <s.hauer@pengutronix.de>
Diffstat (limited to 'fs')
-rw-r--r-- fs/nfs.c 2
1 files changed, 1 insertions, 1 deletions
diff --git a/fs/nfs.c b/fs/nfs.c
index c281a2ba75..1130632eb3 100644
--- a/fs/nfs.c
+++ b/fs/nfs.c
@@ -1125,7 +1125,7 @@ static int nfs_readlink_req(struct nfs_priv *npriv, struct nfs_fh *fh,
len = ntoh32(net_read_uint32(p)); /* new path length */
- len = max_t(unsigned int, len,
+ len = min_t(unsigned int, len,
nfs_packet->len - sizeof(struct rpc_reply) - sizeof(uint32_t));
p++;
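Review bot: In the bound `nfs_packet->len - sizeof(struct rpc_reply) - sizeof(uint32_t)`, the subtraction is carried out in an unsigned type because of the `sizeof` operands, so a reply shorter than those two headers makes the bound wrap to a very large value and `min_t` then leaves `len` at whatever the server sent. Unless an earlier check outside this hunk already guarantees the minimum packet length, reject the reply when `nfs_packet->len < sizeof(struct rpc_reply) + sizeof(uint32_t)` before taking the minimum. A short comment stating that the bound is the number of bytes left in the packet after the RPC reply header and the length word would also help, since the min/max mix-up corrected here shows the intent is easy to misread.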