From: Roland McGrath <roland@gnu.org>
Date: Mon, 21 Jul 2008 19:50:36 +0000 (+0000)
Subject: 2008-07-21  Roland McGrath  <roland@frob.com>
X-Git-Tag: cvs/fedora-glibc-20080728T2320~33
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=2e806440f9c41db2a9aa3c7d6f1270a449c63af7;p=thirdparty%2Fglibc.git

2008-07-21  Roland McGrath  <roland@frob.com>

	* hurd/fd-read.c (_hurd_fd_read): Return EGRATUITOUS if the server
	returned too much data out of line.
---

diff --git a/hurd/fd-read.c b/hurd/fd-read.c
index 388a4dbaf9e..d673c78e03f 100644
--- a/hurd/fd-read.c
+++ b/hurd/fd-read.c
@@ -1,4 +1,4 @@
-/* Copyright (C) 1993,94,95,97,99,2002 Free Software Foundation, Inc.
+/* Copyright (C) 1993,94,95,97,99,2002,2008 Free Software Foundation, Inc.
    This file is part of the GNU C Library.
 
    The GNU C Library is free software; you can redistribute it and/or
@@ -41,6 +41,8 @@ _hurd_fd_read (struct hurd_fd *fd, void *buf, size_t *nbytes, loff_t offset)
 
   if (data != buf)
     {
+      if (nread > *nbytes)	/* Sanity check for bogus server.  */
+	return EGRATUITOUS;
       memcpy (buf, data, nread);
       __vm_deallocate (__mach_task_self (), (vm_address_t) data, nread);
     }