
Commit 91b80969 authored by J. Bruce Fields

nfsd: fix buffer overrun decoding NFSv4 acl



The array we kmalloc() here is not large enough.

Thanks to Johann Dahm and David Richter for bug report and testing.

Signed-off-by: J. Bruce Fields <bfields@citi.umich.edu>
Cc: David Richter <richterd@citi.umich.edu>
Tested-by: Johann Dahm <jdahm@umich.edu>
parent 27df6f25
+1 −1
@@ -443,7 +443,7 @@ init_state(struct posix_acl_state *state, int cnt)
	 * enough space for either:
	 */
	alloc = sizeof(struct posix_ace_state_array)
		+ cnt*sizeof(struct posix_ace_state);
		+ cnt*sizeof(struct posix_user_ace_state);
	state->users = kzalloc(alloc, GFP_KERNEL);
	if (!state->users)
		return -ENOMEM;
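
Review bot: The `alloc` computation still names the element type by hand (`cnt*sizeof(struct posix_user_ace_state)`), which is the same pattern that let the old `struct posix_ace_state` term go stale and under-allocate `state->users`. Consider deriving the element size from the array that `state->users` points to, so the allocation follows the type if it changes again. Separately, `cnt` is a plain `int` in the `init_state()` signature and the multiplication is not checked in the visible lines; if callers pass an entry count taken from a decoded ACL, bound it or use an overflow-checked size calculation before the `kzalloc()`. The comment ending "enough space for either:" should also be rechecked so it matches the type now being sized.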