This is a note to let you know that I've just added the patch titled

    nfsd4: buffer-length check for SUPPATTR_EXCLCREAT

to the 3.14-stable tree which can be found at:
    http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary

The filename of the patch is:
    nfsd4-buffer-length-check-for-suppattr_exclcreat.patch
and it can be found in the queue-3.14 subdirectory.

If you, or anyone else, feels it should not be added to the stable tree,
please let <stable@xxxxxxxxxxxxxxx> know about it.

From de3997a7eeb9ea286b15879fdf8a95aae065b4f7 Mon Sep 17 00:00:00 2001
From: "J. Bruce Fields" <bfields@xxxxxxxxxx>
Date: Tue, 28 Jan 2014 16:05:15 -0500
Subject: nfsd4: buffer-length check for SUPPATTR_EXCLCREAT

From: "J. Bruce Fields" <bfields@xxxxxxxxxx>

commit de3997a7eeb9ea286b15879fdf8a95aae065b4f7 upstream.

This was an omission from 8c18f2052e756e7d5dea712fc6e7ed70c00e8a39
"nfsd41: SUPPATTR_EXCLCREAT attribute".

Cc: Benny Halevy <bhalevy@xxxxxxxxxxxxxxx>
Signed-off-by: J. Bruce Fields <bfields@xxxxxxxxxx>
Signed-off-by: Greg Kroah-Hartman <gregkh@xxxxxxxxxxxxxxxxxxx>

--- fs/nfsd/nfs4xdr.c | 2 ++ 1 file changed, 2 insertions(+) --- a/fs/nfsd/nfs4xdr.c +++ b/fs/nfsd/nfs4xdr.c 
@@ -2483,6 +2483,8 @@ out_acl: goto out; } if (bmval2 & FATTR4_WORD2_SUPPATTR_EXCLCREAT) { + if ((buflen -= 16) < 0) + goto out_resource; WRITE32(3); WRITE32(NFSD_SUPPATTR_EXCLCREAT_WORD0); WRITE32(NFSD_SUPPATTR_EXCLCREAT_WORD1); Patches currently in stable-queue which might be from bfields@xxxxxxxxxx are queue-3.14/nfsd4-fix-test_stateid-error-reply-encoding.patch queue-3.14/nfsd4-leave-reply-buffer-space-for-failed-setattr.patch queue-3.14/nfsd4-session-needs-room-for-following-op-to-error-out.patch queue-3.14/nfsd4-buffer-length-check-for-suppattr_exclcreat.patch queue-3.14/nfsd-revert-v2-half-of-nfsd-don-t-return-high-mode-bits.patch
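
Review bot: the literal 16 in the added `(buflen -= 16) < 0` test is a bare magic number that has to stay in step with the WRITE32 calls directly below it. The first write is a count of 3, so the reservation is presumably one 4-byte count plus three 4-byte bitmap words, but only WORD0 and WORD1 are visible in this context; a short comment, or writing the size as 4 + 3 * 4, would make it obvious that the check must change whenever the bitmap length does. The test also only works if buflen is a signed type, which the hunk does not show and is worth confirming against the other length checks in this function. The commit message says the check was omitted but not what happens without it; one sentence on the consequence for the reply buffer would help stable reviewers judge the fix.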