From: Sachin Prabhu <sprabhu@redhat.com>
To: Linux NFS mailing list <linux-nfs@vger.kernel.org>
Cc: Trond Myklebust <trond.myklebust@netapp.com>
Subject: [PATCH] Avoid array overflow in __nfs4_get_acl_uncached
Date: Fri, 24 Aug 2012 15:16:08 +0100 [thread overview]
Message-ID: <1345817768-23511-1-git-send-email-sprabhu@redhat.com> (raw)
This fixes a bug introduced by commit
5a00689930ab975fdd1b37b034475017e460cf2a
The patch adds an extra page to npages to hold the bitmap returned by
the server.
Bruce Fields pointed out that the changes introduced by the patch will
cause the array npages to overflow if a buffer of size greater than or
equal to XATTR_SIZE_MAX is passed to __nfs4_get_acl_uncached()
Signed-off-by: Sachin Prabhu <sprabhu@redhat.com>
---
fs/nfs/nfs4proc.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/fs/nfs/nfs4proc.c b/fs/nfs/nfs4proc.c
index 6352741..86333b8 100644
--- a/fs/nfs/nfs4proc.c
+++ b/fs/nfs/nfs4proc.c
@@ -3768,7 +3768,7 @@ out:
*/
static ssize_t __nfs4_get_acl_uncached(struct inode *inode, void *buf, size_t buflen)
{
- struct page *pages[NFS4ACL_MAXPAGES] = {NULL, };
+ struct page *pages[NFS4ACL_MAXPAGES+1] = {NULL, };
struct nfs_getaclargs args = {
.fh = NFS_FH(inode),
.acl_pages = pages,
--
1.7.11.4
next reply other threads:[~2012-08-24 14:16 UTC|newest]
Thread overview: 13+ messages / expand[flat|nested] mbox.gz Atom feed top
2012-08-24 14:16 Sachin Prabhu [this message]
2012-08-24 15:07 ` [PATCH] Avoid array overflow in __nfs4_get_acl_uncached Myklebust, Trond
2012-08-24 21:31 ` Sachin Prabhu
2012-08-24 21:38 ` Myklebust, Trond
2012-08-24 21:51 ` Sachin Prabhu
2012-08-24 22:02 ` Myklebust, Trond
2012-08-25 23:31 ` Sachin Prabhu
2012-08-26 18:57 ` Myklebust, Trond
2012-08-28 14:09 ` Sachin Prabhu
2012-09-03 19:11 ` Myklebust, Trond
2012-09-06 14:46 ` Sachin Prabhu
2012-09-06 14:53 ` Myklebust, Trond
2012-09-06 15:05 ` Sachin Prabhu
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1345817768-23511-1-git-send-email-sprabhu@redhat.com \
--to=sprabhu@redhat.com \
--cc=linux-nfs@vger.kernel.org \
--cc=trond.myklebust@netapp.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).