[PATCH 2/2] 9p: ensure logical size fits allocated size
From: Dominique Martinet
Date: Fri Nov 18 2022 - 08:56:08 EST
all buffers used to be msize big, but the size can now vary based on
message type and arguments.
Adjut p9_check_error() to check the logical size (request payload) fits
within the allocated size (capacity) rather than msize
Transports normally all check this when the packet is being read, but
might as well stay coherent.
Fixes: 60ece0833b6c ("net/9p: allocate appropriate reduced message buffers")
Signed-off-by: Dominique Martinet <asmadeus@xxxxxxxxxxxxx>
---
I think with the previous patch this is purely redundant, but better
safe than sorry...
The main problem is that if we didn't find this before we already
overflowed a buffer, so this is quite late!
net/9p/client.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/net/9p/client.c b/net/9p/client.c
index aaa37b07e30a..45dcc9e5d091 100644
--- a/net/9p/client.c
+++ b/net/9p/client.c
@@ -514,7 +514,7 @@ static int p9_check_errors(struct p9_client *c, struct p9_req_t *req)
int ecode;
err = p9_parse_header(&req->rc, NULL, &type, NULL, 0);
- if (req->rc.size >= c->msize) {
+ if (req->rc.size >= req->rc.capacity) {
p9_debug(P9_DEBUG_ERROR,
"requested packet size too big: %d\n",
req->rc.size);
--
2.38.1