From ace0e14f4fe5f5944d27d8bd4d3492ad0d2b09e2 Mon Sep 17 00:00:00 2001 From: Trond Myklebust Date: Tue, 20 Sep 2016 14:33:42 -0400 Subject: [PATCH] SUNRPC: Fix corruption of xdr->nwords in xdr_copy_to_scratch When we copy the first part of the data, we need to ensure that value of xdr->nwords is updated as well. Do so by calling __xdr_inline_decode() Signed-off-by: Trond Myklebust Signed-off-by: Anna Schumaker --- net/sunrpc/xdr.c | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/net/sunrpc/xdr.c b/net/sunrpc/xdr.c index c4f3cc0c0775..b8444860edf5 100644 --- a/net/sunrpc/xdr.c +++ b/net/sunrpc/xdr.c @@ -859,12 +859,15 @@ EXPORT_SYMBOL_GPL(xdr_set_scratch_buffer); static __be32 *xdr_copy_to_scratch(struct xdr_stream *xdr, size_t nbytes) { __be32 *p; - void *cpdest = xdr->scratch.iov_base; + char *cpdest = xdr->scratch.iov_base; size_t cplen = (char *)xdr->end - (char *)xdr->p; if (nbytes > xdr->scratch.iov_len) return NULL; - memcpy(cpdest, xdr->p, cplen); + p = __xdr_inline_decode(xdr, cplen); + if (p == NULL) + return NULL; + memcpy(cpdest, p, cplen); cpdest += cplen; nbytes -= cplen; if (!xdr_set_next_buffer(xdr)) -- 2.20.1