From: Pan Bian Date: Sun, 23 Apr 2017 06:49:41 +0000 (+0800) Subject: NFSv4: check return value of xdr_inline_decode X-Git-Url: https://git.stricted.de/?a=commitdiff_plain;h=4edabfd7d0f7d39eeda8ffac76d9e884c22951d9;p=GitHub%2Fmoto-9609%2Fandroid_kernel_motorola_exynos9610.git NFSv4: check return value of xdr_inline_decode Function xdr_inline_decode() will return a NULL pointer if the input buffer does not have long enough buffer to decode nbytes of data. However, in function decode_op_map(), the return value of xdr_inline_decode() is not validated before it is used. This patch adds a check to the return value of xdr_inline_decode(). Signed-off-by: Pan Bian Signed-off-by: Trond Myklebust --- diff --git a/fs/nfs/nfs4xdr.c b/fs/nfs/nfs4xdr.c index 125212588115..dbfe48ac3529 100644 --- a/fs/nfs/nfs4xdr.c +++ b/fs/nfs/nfs4xdr.c @@ -5570,6 +5570,8 @@ static int decode_op_map(struct xdr_stream *xdr, struct nfs4_op_map *op_map) unsigned int i; p = xdr_inline_decode(xdr, 4); + if (!p) + return -EIO; bitmap_words = be32_to_cpup(p++); if (bitmap_words > NFS4_OP_MAP_NUM_WORDS) return -EIO;
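Review bot: The NULL check covers only the 4-byte length read at the top of the hunk in decode_op_map(), and the trailing context stops at the `bitmap_words > NFS4_OP_MAP_NUM_WORDS` bound check, so the diff does not show whether any later xdr_inline_decode() call in the same function is validated. Before merging, confirm that every remaining decode in decode_op_map() that depends on `bitmap_words` gets the same `if (!p) return -EIO;` guard before `p` is dereferenced with be32_to_cpup(p++); otherwise a reply that is truncated after the length word would still reach a NULL dereference. Returning -EIO matches the adjacent bound check, which keeps the error handling consistent for callers. The commit message would also be more useful if it said how a short buffer can arrive here (a short or malformed server reply), so the impact of the missing check is clear from the log.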