net: nfs: Fix possible buffer overflow
nfs_readlink_reply() interprets a 32bit value directly received from the network as length argument to memcpy() without any boundary checking. Clamp the copy size at the end of the incoming packet. Signed-off-by: Sascha Hauer <s.hauer@pengutronix.de> |
---|
|
net/nfs.c |
---|