2008-07-21 Roland McGrath <roland@frob.com>

	* hurd/fd-read.c (_hurd_fd_read): Return EGRATUITOUS if the server
	returned too much data out of line.

diff --git a/hurd/fd-read.c b/hurd/fd-read.c
index 388a4db..d673c78 100644 (file)
--- a/hurd/fd-read.c
+++ b/hurd/fd-read.c
@@ -1,4 +1,4 @@
-/* Copyright (C) 1993,94,95,97,99,2002 Free Software Foundation, Inc.
+/* Copyright (C) 1993,94,95,97,99,2002,2008 Free Software Foundation, Inc.
    This file is part of the GNU C Library.
 
    The GNU C Library is free software; you can redistribute it and/or
@@ -41,6 +41,8 @@ _hurd_fd_read (struct hurd_fd *fd, void *buf, size_t *nbytes, loff_t offset)
 
   if (data != buf)
     {
+      if (nread > *nbytes)     /* Sanity check for bogus server.  */
+       return EGRATUITOUS;
       memcpy (buf, data, nread);
       __vm_deallocate (__mach_task_self (), (vm_address_t) data, nread);
     }