Eric Lee / smarc-ti-linux-kernel

Download as
Browse Code ยป

Commit 58fcb8df0bf663bb6b8f46cd3010bfe8d13d97cf

Authored by Trond Myklebust
Committed by Linus Torvalds
1 parent 75cd968ab2
Exists in master and in 20 other branches dlt-processor-sdk-linux-03.00.00.04, newt-ti-linux-3.12.y, processor-sdk-linux-01.00.00, processor-sdk-linux-02.00.01, smarc-ti-linux-3.12.10, smarc-ti-linux-3.12.y, smarc-ti-linux-3.14.y, smarc-ti-linux-3.15.y, smarc-ti-lsk-linux-4.1.y, smarct3x-processor-sdk-04.01.00.06, smarct3x-processor-sdk-linux-02.00.01, smarct3x-processor-sdk-linux-03.00.00.04, smarct4x-800-processor-sdk-linux-02.00.01, smarct4x-processor-sdk-04.01.00.06, smarct4x-processor-sdk-linux-02.00.01, smarct4x-processor-sdk-linux-03.00.00.04, ti-linux-3.12.y, ti-linux-3.14.y, ti-linux-3.15.y, ti-lsk-linux-4.1.y

[PATCH] NFS: Ensure ACL xdr code doesn't overflow. 

Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>

Showing 3 changed files with 3 additions and 0 deletions Side-by-side Diff

fs/nfs_common/nfsacl.c
Diff comments   View file @ 58fcb8d
... ... @@ -239,6 +239,7 @@
239 239 if (xdr_decode_word(buf, base, &entries) ||
240 240 entries > NFS_ACL_MAX_ENTRIES)
241 241 return -EINVAL;
  242 + nfsacl_desc.desc.array_maxlen = entries;
242 243 err = xdr_decode_array2(buf, base + 4, &nfsacl_desc.desc);
243 244 if (err)
244 245 return err;
include/linux/sunrpc/xdr.h
Diff comments   View file @ 58fcb8d
... ... @@ -177,6 +177,7 @@
177 177 struct xdr_array2_desc {
178 178 unsigned int elem_size;
179 179 unsigned int array_len;
  180 + unsigned int array_maxlen;
180 181 xdr_xcode_elem_t xcode;
181 182 };
182 183  
... ... @@ -993,6 +993,7 @@
993 993 return -EINVAL;
994 994 } else {
995 995 if (xdr_decode_word(buf, base, &desc->array_len) != 0 ||
  996 + desc->array_len > desc->array_maxlen ||
996 997 (unsigned long) base + 4 + desc->array_len *
997 998 desc->elem_size > buf->len)
998 999 return -EINVAL;