Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Skip to content
Commit 13bf9fbf authored by J. Bruce Fields's avatar J. Bruce Fields
Browse files

nfsd: stricter decoding of write-like NFSv2/v3 ops 



The NFSv2/v3 code does not systematically check whether we decode past
the end of the buffer.  This generally appears to be harmless, but there
are a few places where we do arithmetic on the pointers involved and
don't account for the possibility that a length could be negative.  Add
checks to catch these.

Reported-by: default avatarTuomas Haanpää <thaan@synopsys.com>
Reported-by: default avatarAri Kauppi <ari@synopsys.com>
Reviewed-by: default avatarNeilBrown <neilb@suse.com>
Cc: stable@vger.kernel.org
Signed-off-by: default avatarJ. Bruce Fields <bfields@redhat.com>
parent db44bac4
Hide whitespace changes
Inline Side-by-side
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Please register or to comment