diff options
| author | J. Bruce Fields <bfields@redhat.com> | 2016-02-29 20:21:21 -0500 |
|---|---|---|
| committer | J. Bruce Fields <bfields@redhat.com> | 2016-03-01 13:02:57 -0800 |
| commit | 4aed9c46afb80164401143aa0fdcfe3798baa9d5 (patch) | |
| tree | fa0cae60a7a74660937630b60e4c255774777a85 /arch/microblaze | |
| parent | b7052cd7bcf3c1478796e93e3dff2b44c9e82943 (diff) | |
nfsd4: fix bad bounds checking
A number of spots in the xdr decoding follow a pattern like
n = be32_to_cpup(p++);
READ_BUF(n + 4);
where n is a u32. The only bounds checking is done in READ_BUF itself,
but since it's checking (n + 4), it won't catch cases where n is very
large, (u32)(-4) or higher. I'm not sure exactly what the consequences
are, but we've seen crashes soon after.
Instead, just break these up into two READ_BUF()s.
Cc: stable@vger.kernel.org
Signed-off-by: J. Bruce Fields <bfields@redhat.com>
Diffstat (limited to 'arch/microblaze')
0 files changed, 0 insertions, 0 deletions