diff options
Diffstat (limited to 'fs/nfsd/nfs4xdr.c')
| -rw-r--r-- | fs/nfsd/nfs4xdr.c | 15 |
1 files changed, 7 insertions, 8 deletions
diff --git a/fs/nfsd/nfs4xdr.c b/fs/nfsd/nfs4xdr.c index a1c48b4111d2..3d0749633d2b 100644 --- a/fs/nfsd/nfs4xdr.c +++ b/fs/nfsd/nfs4xdr.c | |||
| @@ -598,20 +598,19 @@ nfsd4_decode_create(struct nfsd4_compoundargs *argp, struct nfsd4_create *create | |||
| 598 | switch (create->cr_type) { | 598 | switch (create->cr_type) { |
| 599 | case NF4LNK: | 599 | case NF4LNK: |
| 600 | READ_BUF(4); | 600 | READ_BUF(4); |
| 601 | create->cr_linklen = be32_to_cpup(p++); | 601 | create->cr_datalen = be32_to_cpup(p++); |
| 602 | READ_BUF(create->cr_linklen); | 602 | READ_BUF(create->cr_datalen); |
| 603 | /* | 603 | /* |
| 604 | * The VFS will want a null-terminated string, and | 604 | * The VFS will want a null-terminated string, and |
| 605 | * null-terminating in place isn't safe since this might | 605 | * null-terminating in place isn't safe since this might |
| 606 | * end on a page boundary: | 606 | * end on a page boundary: |
| 607 | */ | 607 | */ |
| 608 | create->cr_linkname = | 608 | create->cr_data = kmalloc(create->cr_datalen + 1, GFP_KERNEL); |
| 609 | kmalloc(create->cr_linklen + 1, GFP_KERNEL); | 609 | if (!create->cr_data) |
| 610 | if (!create->cr_linkname) | ||
| 611 | return nfserr_jukebox; | 610 | return nfserr_jukebox; |
| 612 | memcpy(create->cr_linkname, p, create->cr_linklen); | 611 | memcpy(create->cr_data, p, create->cr_datalen); |
| 613 | create->cr_linkname[create->cr_linklen] = '\0'; | 612 | create->cr_data[create->cr_datalen] = '\0'; |
| 614 | defer_free(argp, kfree, create->cr_linkname); | 613 | defer_free(argp, kfree, create->cr_data); |
| 615 | break; | 614 | break; |
| 616 | case NF4BLK: | 615 | case NF4BLK: |
| 617 | case NF4CHR: | 616 | case NF4CHR: |