RE: [PATCH] NFSv4: Check for buffer length in __nfs4_get_acl_uncached

"Myklebust, Trond" <Trond.Myklebust@xxxxxxxxxx> · Thu, 13 Dec 2012 00:44:26 +0000

> -----Original Message-----
> From: linux-nfs-owner@xxxxxxxxxxxxxxx [mailto:linux-nfs-
> owner@xxxxxxxxxxxxxxx] On Behalf Of Sven Wegener
> Sent: Wednesday, December 12, 2012 6:15 PM
> To: Myklebust, Trond
> Cc: linux-nfs@xxxxxxxxxxxxxxx; linux-kernel@xxxxxxxxxxxxxxx
> Subject: [PATCH] NFSv4: Check for buffer length in
> __nfs4_get_acl_uncached
> 
> Commit 1f1ea6c "NFSv4: Fix buffer overflow checking in
> __nfs4_get_acl_uncached" accidently dropped the checking for too small
> result buffer length.
> 
> If someone uses getxattr on "system.nfs4_acl" on an NFSv4 mount
> supporting ACLs, the ACL has not been cached and the buffer suplied is too
> short, we still copy the complete ACL, resulting in kernel and user space
> memory corruption.
> 
> Signed-off-by: Sven Wegener <sven.wegener@xxxxxxxxxxx>
> Cc: stable@xxxxxxxxxx
> ---
>  fs/nfs/nfs4proc.c | 7 ++++++-
>  1 file changed, 6 insertions(+), 1 deletion(-)
> 
> Resending, because it did not get any response.

Sorry. I've already applied it to the nfs-for-next branch on git.linux-nfs.org, so it should go in during this merge window.

Cheers
  Trond
��.n��������+%������w��{.n�����{��w���jg��������ݢj����G�������j:+v���w�m������w�������h�����٥