projects
/
GitHub
/
exynos8895
/
android_kernel_samsung_universal8895.git
/ commitdiff
commit
grep
author
committer
pickaxe
?
search:
re
summary
|
shortlog
|
log
|
commit
| commitdiff |
tree
raw
|
patch
| inline |
side by side
(parent:
e49dbbf
)
nfsd4: reject "negative" acl lengths
author
J. Bruce Fields
<bfields@redhat.com>
Tue, 26 Mar 2013 18:11:13 +0000
(14:11 -0400)
committer
J. Bruce Fields
<bfields@redhat.com>
Tue, 26 Mar 2013 20:18:27 +0000
(16:18 -0400)
Since we only enforce an upper bound, not a lower bound, a "negative"
length can get through here.
The symptom seen was a warning when we attempt to a kmalloc with an
excessive size.
Reported-by: Toralf Förster <toralf.foerster@gmx.de>
Cc: stable@kernel.org
Signed-off-by: J. Bruce Fields <bfields@redhat.com>
fs/nfsd/nfs4xdr.c
patch
|
blob
|
blame
|
history
diff --git
a/fs/nfsd/nfs4xdr.c
b/fs/nfsd/nfs4xdr.c
index 01168865dd37395a047cbeeb0175d7c8a5b80f88..a2720071f282f7607f13d63af8d6e9d6cf18bce6 100644
(file)
--- a/
fs/nfsd/nfs4xdr.c
+++ b/
fs/nfsd/nfs4xdr.c
@@
-264,7
+264,7
@@
nfsd4_decode_fattr(struct nfsd4_compoundargs *argp, u32 *bmval,
iattr->ia_valid |= ATTR_SIZE;
}
if (bmval[0] & FATTR4_WORD0_ACL) {
-
int
nace;
+
u32
nace;
struct nfs4_ace *ace;
READ_BUF(4); len += 4;