From 7d746dd5e6813a31d2ccfb923c6ea9c53e00d0c4 Mon Sep 17 00:00:00 2001
From: Ben Hutchings <ben@decadent.org.uk>
Date: Tue, 21 Jul 2015 15:42:59 +0100
Subject: [PATCH] x86_64: Fix strnlen_user() to not touch memory after
 specified maximum

Inspired by commit f18c34e483ff ("lib: Fix strnlen_user() to not touch
memory after specified maximum") upstream.  This version of
strnlen_user(), no longer present upstream, has a similar off-by-one
error.

Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
Cc: Jan Kara <jack@suse.cz>
(cherry picked from commit 4797489ce83a5f42d0b38089695a48d4a3d1ee0b)

Signed-off-by: Willy Tarreau <w@1wt.eu>
---
 arch/x86/lib/usercopy_64.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/arch/x86/lib/usercopy_64.c b/arch/x86/lib/usercopy_64.c
index b7c2849ffb660..3428d916fd894 100644
--- a/arch/x86/lib/usercopy_64.c
+++ b/arch/x86/lib/usercopy_64.c
@@ -113,7 +113,7 @@ long __strnlen_user(const char __user *s, long n)
 	char c;
 
 	while (1) {
-		if (res>n)
+		if (res >= n)
 			return n+1;
 		if (__get_user(c, s))
 			return 0;
-- 
2.47.2