diff options
-rw-r--r-- | net/9p/protocol.c | 22 |
1 files changed, 10 insertions, 12 deletions
diff --git a/net/9p/protocol.c b/net/9p/protocol.c index 798beac7f100..1e308f210928 100644 --- a/net/9p/protocol.c +++ b/net/9p/protocol.c | |||
@@ -178,27 +178,24 @@ p9pdu_vreadf(struct p9_fcall *pdu, int proto_version, const char *fmt, | |||
178 | break; | 178 | break; |
179 | case 's':{ | 179 | case 's':{ |
180 | char **sptr = va_arg(ap, char **); | 180 | char **sptr = va_arg(ap, char **); |
181 | int16_t len; | 181 | uint16_t len; |
182 | int size; | ||
183 | 182 | ||
184 | errcode = p9pdu_readf(pdu, proto_version, | 183 | errcode = p9pdu_readf(pdu, proto_version, |
185 | "w", &len); | 184 | "w", &len); |
186 | if (errcode) | 185 | if (errcode) |
187 | break; | 186 | break; |
188 | 187 | ||
189 | size = max_t(int16_t, len, 0); | 188 | *sptr = kmalloc(len + 1, GFP_KERNEL); |
190 | |||
191 | *sptr = kmalloc(size + 1, GFP_KERNEL); | ||
192 | if (*sptr == NULL) { | 189 | if (*sptr == NULL) { |
193 | errcode = -EFAULT; | 190 | errcode = -EFAULT; |
194 | break; | 191 | break; |
195 | } | 192 | } |
196 | if (pdu_read(pdu, *sptr, size)) { | 193 | if (pdu_read(pdu, *sptr, len)) { |
197 | errcode = -EFAULT; | 194 | errcode = -EFAULT; |
198 | kfree(*sptr); | 195 | kfree(*sptr); |
199 | *sptr = NULL; | 196 | *sptr = NULL; |
200 | } else | 197 | } else |
201 | (*sptr)[size] = 0; | 198 | (*sptr)[len] = 0; |
202 | } | 199 | } |
203 | break; | 200 | break; |
204 | case 'Q':{ | 201 | case 'Q':{ |
@@ -234,14 +231,14 @@ p9pdu_vreadf(struct p9_fcall *pdu, int proto_version, const char *fmt, | |||
234 | } | 231 | } |
235 | break; | 232 | break; |
236 | case 'D':{ | 233 | case 'D':{ |
237 | int32_t *count = va_arg(ap, int32_t *); | 234 | uint32_t *count = va_arg(ap, uint32_t *); |
238 | void **data = va_arg(ap, void **); | 235 | void **data = va_arg(ap, void **); |
239 | 236 | ||
240 | errcode = | 237 | errcode = |
241 | p9pdu_readf(pdu, proto_version, "d", count); | 238 | p9pdu_readf(pdu, proto_version, "d", count); |
242 | if (!errcode) { | 239 | if (!errcode) { |
243 | *count = | 240 | *count = |
244 | min_t(int32_t, *count, | 241 | min_t(uint32_t, *count, |
245 | pdu->size - pdu->offset); | 242 | pdu->size - pdu->offset); |
246 | *data = &pdu->sdata[pdu->offset]; | 243 | *data = &pdu->sdata[pdu->offset]; |
247 | } | 244 | } |
@@ -404,9 +401,10 @@ p9pdu_vwritef(struct p9_fcall *pdu, int proto_version, const char *fmt, | |||
404 | break; | 401 | break; |
405 | case 's':{ | 402 | case 's':{ |
406 | const char *sptr = va_arg(ap, const char *); | 403 | const char *sptr = va_arg(ap, const char *); |
407 | int16_t len = 0; | 404 | uint16_t len = 0; |
408 | if (sptr) | 405 | if (sptr) |
409 | len = min_t(int16_t, strlen(sptr), USHRT_MAX); | 406 | len = min_t(uint16_t, strlen(sptr), |
407 | USHRT_MAX); | ||
410 | 408 | ||
411 | errcode = p9pdu_writef(pdu, proto_version, | 409 | errcode = p9pdu_writef(pdu, proto_version, |
412 | "w", len); | 410 | "w", len); |
@@ -438,7 +436,7 @@ p9pdu_vwritef(struct p9_fcall *pdu, int proto_version, const char *fmt, | |||
438 | stbuf->n_gid, stbuf->n_muid); | 436 | stbuf->n_gid, stbuf->n_muid); |
439 | } break; | 437 | } break; |
440 | case 'D':{ | 438 | case 'D':{ |
441 | int32_t count = va_arg(ap, int32_t); | 439 | uint32_t count = va_arg(ap, uint32_t); |
442 | const void *data = va_arg(ap, const void *); | 440 | const void *data = va_arg(ap, const void *); |
443 | 441 | ||
444 | errcode = p9pdu_writef(pdu, proto_version, "d", | 442 | errcode = p9pdu_writef(pdu, proto_version, "d", |