The patch titled
     nfsd4: fix fs locations bounds-checking
has been added to the -mm tree.  Its filename is
     knfsd-nfsd4-fslocations-data-structures-nfsd4-fix-fs-locations-bounds-checking.patch

See http://www.zip.com.au/~akpm/linux/patches/stuff/added-to-mm.txt to find
out what to do about this

------------------------------------------------------
Subject: nfsd4: fix fs locations bounds-checking
From: "J. Bruce Fields" <bfields@xxxxxxxxxxxx>

The comparison here is obviously useless as locations_count is unsigned.
Though fsloc_parse can only be handed data by root, still I'd rather have some
sanity-checking; so set a (generous) maximum number of fslocations to keep the
following kzalloc to a reasonable size.

Signed-off-by: J. Bruce Fields <bfields@xxxxxxxxxxxxxx>
Cc: Manoj Naik <manoj@xxxxxxxxxxxxxxx>
Cc: Fred Isaman <iisaman@xxxxxxxxxxxxxx>
Cc: Neil Brown <neilb@xxxxxxx>
Signed-off-by: Andrew Morton <akpm@xxxxxxxx>
---

 fs/nfsd/export.c | 2 +-
 include/linux/nfsd/export.h | 3 +++
 2 files changed, 4 insertions(+), 1 deletion(-)

diff -puN fs/nfsd/export.c~knfsd-nfsd4-fslocations-data-structures-nfsd4-fix-fs-locations-bounds-checking fs/nfsd/export.c --- a/fs/nfsd/export.c~knfsd-nfsd4-fslocations-data-structures-nfsd4-fix-fs-locations-bounds-checking +++ a/fs/nfsd/export.c @@ -415,7 +415,7 @@ fsloc_parse(char **mesg, char *buf, stru err = get_int(mesg, &fsloc->locations_count); if (err) return err; - if (fsloc->locations_count < 0) + if (fsloc->locations_count > MAX_FS_LOCATIONS) return -EINVAL; if (fsloc->locations_count == 0) return 0; diff -puN include/linux/nfsd/export.h~knfsd-nfsd4-fslocations-data-structures-nfsd4-fix-fs-locations-bounds-checking include/linux/nfsd/export.h --- a/include/linux/nfsd/export.h~knfsd-nfsd4-fslocations-data-structures-nfsd4-fix-fs-locations-bounds-checking +++ a/include/linux/nfsd/export.h 
@@ -48,6 +48,9 @@ /* * FS Locations */ + +#define MAX_FS_LOCATIONS 128 + struct nfsd4_fs_location { char *hosts; /* colon separated list of hosts */ char *path; /* slash separated list of path components */ _

Patches currently in -mm which might be from bfields@xxxxxxxxxxxx are

origin.patch
knfsd-call-lockd_down-when-closing-a-socket-via-a-write-to-nfsd-portlist.patch
knfsd-svcrpc-gss-factor-out-some-common-wrapping-code.patch
knfsd-svcrpc-gss-fix-failure-on-svc_denied-in-integrity-case.patch
knfsd-svcrpc-use-consistent-variable-name-for-the-reply-state.patch
knfsd-nfsd4-refactor-exp_pseudoroot.patch
knfsd-nfsd4-clean-up-exp_pseudoroot.patch
knfsd-nfsd4-acls-relax-the-nfsv4-posix-mapping.patch
knfsd-nfsd4-acls-fix-inheritance.patch
knfsd-nfsd4-acls-simplify-nfs4_acl_nfsv4_to_posix-interface.patch
knfsd-nfsd4-acls-fix-handling-of-zero-length-acls.patch
knfsd-fix-auto-sizing-of-nfsd-request-reply-buffers.patch
knfsd-nfsd-store-export-path-in-export.patch
knfsd-nfsd4-fslocations-data-structures-nfsd4-fix-fs-locations-bounds-checking.patch
knfsd-nfsd4-fslocations-data-structures-nfsd4-fslocs-fix-compile-in-non-config_nfsd_v4-case.patch
knfsd-nfsd4-xdr-encoding-for-fs_locations.patch
knfsd-nfsd4-actually-use-all-the-pieces-to-implement-referrals.patch
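
Review bot: in the fsloc_parse hunk (fs/nfsd/export.c), the new test "if (fsloc->locations_count > MAX_FS_LOCATIONS)" is now the only thing that rejects a negative count, and it does so implicitly. The commit message says locations_count is unsigned, so if get_int accepts a leading minus sign, a value such as -1 is refused only because it wraps to a number above 128 once stored through &fsloc->locations_count. That gives the right result, but the intent is not visible at the call site. Either add a one-line comment above the test saying that the upper bound also covers negative input, or parse into a signed local and check both bounds before assigning to the field. The bound is also only as useful as the allocation it protects, and that kzalloc is outside the visible context, so it is worth confirming that nothing between this test and the allocation modifies locations_count.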
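
Review bot: in the include/linux/nfsd/export.h hunk, "#define MAX_FS_LOCATIONS 128" is added with no comment saying what it limits or why 128 was chosen. The rationale exists only in the commit message (a generous cap to keep the following kzalloc to a reasonable size). A short comment on the define, stating that it caps the locations_count accepted by fsloc_parse and therefore the size of the array of struct nfsd4_fs_location allocated from it, would keep a later change from raising the value without looking at the allocation.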