x86_64: Fix strnlen_user() to not touch memory after specified maximum

Inspired by commit f18c34e483ff ("lib: Fix strnlen_user() to not touch
memory after specified maximum") upstream.  This version of
strnlen_user(), no longer present upstream, has a similar off-by-one
error.

Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
Cc: Jan Kara <jack@suse.cz>
(cherry picked from commit 4797489ce83a5f42d0b38089695a48d4a3d1ee0b)

Signed-off-by: Willy Tarreau <w@1wt.eu>

diff --git a/arch/x86/lib/usercopy_64.c b/arch/x86/lib/usercopy_64.c
index b7c2849ffb66015ed114a5ab2015956aecd69d7b..3428d916fd894829d32d23f615e442322e0a6acc 100644 (file)
--- a/arch/x86/lib/usercopy_64.c
+++ b/arch/x86/lib/usercopy_64.c
@@ -113,7 +113,7 @@ long __strnlen_user(const char __user *s, long n)
        char c;
 
        while (1) {
-               if (res>n)
+               if (res >= n)
                        return n+1;
                if (__get_user(c, s))
                        return 0;