aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--net/9p/protocol.c22
1 files changed, 10 insertions, 12 deletions
diff --git a/net/9p/protocol.c b/net/9p/protocol.c
index 798beac7f100..1e308f210928 100644
--- a/net/9p/protocol.c
+++ b/net/9p/protocol.c
@@ -178,27 +178,24 @@ p9pdu_vreadf(struct p9_fcall *pdu, int proto_version, const char *fmt,
178 break; 178 break;
179 case 's':{ 179 case 's':{
180 char **sptr = va_arg(ap, char **); 180 char **sptr = va_arg(ap, char **);
181 int16_t len; 181 uint16_t len;
182 int size;
183 182
184 errcode = p9pdu_readf(pdu, proto_version, 183 errcode = p9pdu_readf(pdu, proto_version,
185 "w", &len); 184 "w", &len);
186 if (errcode) 185 if (errcode)
187 break; 186 break;
188 187
189 size = max_t(int16_t, len, 0); 188 *sptr = kmalloc(len + 1, GFP_KERNEL);
190
191 *sptr = kmalloc(size + 1, GFP_KERNEL);
192 if (*sptr == NULL) { 189 if (*sptr == NULL) {
193 errcode = -EFAULT; 190 errcode = -EFAULT;
194 break; 191 break;
195 } 192 }
196 if (pdu_read(pdu, *sptr, size)) { 193 if (pdu_read(pdu, *sptr, len)) {
197 errcode = -EFAULT; 194 errcode = -EFAULT;
198 kfree(*sptr); 195 kfree(*sptr);
199 *sptr = NULL; 196 *sptr = NULL;
200 } else 197 } else
201 (*sptr)[size] = 0; 198 (*sptr)[len] = 0;
202 } 199 }
203 break; 200 break;
204 case 'Q':{ 201 case 'Q':{
@@ -234,14 +231,14 @@ p9pdu_vreadf(struct p9_fcall *pdu, int proto_version, const char *fmt,
234 } 231 }
235 break; 232 break;
236 case 'D':{ 233 case 'D':{
237 int32_t *count = va_arg(ap, int32_t *); 234 uint32_t *count = va_arg(ap, uint32_t *);
238 void **data = va_arg(ap, void **); 235 void **data = va_arg(ap, void **);
239 236
240 errcode = 237 errcode =
241 p9pdu_readf(pdu, proto_version, "d", count); 238 p9pdu_readf(pdu, proto_version, "d", count);
242 if (!errcode) { 239 if (!errcode) {
243 *count = 240 *count =
244 min_t(int32_t, *count, 241 min_t(uint32_t, *count,
245 pdu->size - pdu->offset); 242 pdu->size - pdu->offset);
246 *data = &pdu->sdata[pdu->offset]; 243 *data = &pdu->sdata[pdu->offset];
247 } 244 }
@@ -404,9 +401,10 @@ p9pdu_vwritef(struct p9_fcall *pdu, int proto_version, const char *fmt,
404 break; 401 break;
405 case 's':{ 402 case 's':{
406 const char *sptr = va_arg(ap, const char *); 403 const char *sptr = va_arg(ap, const char *);
407 int16_t len = 0; 404 uint16_t len = 0;
408 if (sptr) 405 if (sptr)
409 len = min_t(int16_t, strlen(sptr), USHRT_MAX); 406 len = min_t(uint16_t, strlen(sptr),
407 USHRT_MAX);
410 408
411 errcode = p9pdu_writef(pdu, proto_version, 409 errcode = p9pdu_writef(pdu, proto_version,
412 "w", len); 410 "w", len);
@@ -438,7 +436,7 @@ p9pdu_vwritef(struct p9_fcall *pdu, int proto_version, const char *fmt,
438 stbuf->n_gid, stbuf->n_muid); 436 stbuf->n_gid, stbuf->n_muid);
439 } break; 437 } break;
440 case 'D':{ 438 case 'D':{
441 int32_t count = va_arg(ap, int32_t); 439 uint32_t count = va_arg(ap, uint32_t);
442 const void *data = va_arg(ap, const void *); 440 const void *data = va_arg(ap, const void *);
443 441
444 errcode = p9pdu_writef(pdu, proto_version, "d", 442 errcode = p9pdu_writef(pdu, proto_version, "d",