lk/linux-kernel-test
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

nfsd: fix buffer overrun decoding NFSv4 acl

Browse Source 
The array we kmalloc() here is not large enough.

Thanks to Johann Dahm and David Richter for bug report and testing.

Signed-off-by: J. Bruce Fields <bfields@citi.umich.edu>
Cc: David Richter <richterd@citi.umich.edu>
Tested-by: Johann Dahm <jdahm@umich.edu>
This commit is contained in:
J. Bruce Fields
2008-08-29 19:18:45 -04:00
parent 27df6f25ff
commit 91b80969ba
1 changed files with 1 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
fs/nfsd/nfs4acl.c
View File

@@ -443,7 +443,7 @@ init_state(struct posix_acl_state *state, int cnt)
* enough space for either: * enough space for either:
*/ */
alloc = sizeof(struct posix_ace_state_array) alloc = sizeof(struct posix_ace_state_array)
+ cnt*sizeof(struct posix_ace_state); + cnt*sizeof(struct posix_user_ace_state);
state->users = kzalloc(alloc, GFP_KERNEL); state->users = kzalloc(alloc, GFP_KERNEL);
if (!state->users) if (!state->users)
return -ENOMEM; return -ENOMEM;