Attachment 315754 Details for Bug 461101 – Upstream patch for this issue

[patch] Upstream patch for this issue

0001-nfsd-fix-buffer-overrun-decoding-NFSv4-acl.patch (text/plain), 1.01 KB, created by Eugene Teo (Security Response) on 2008-09-04 13:34:11 UTC

(hide)

Description:

Filename:

MIME Type:

Creator: Eugene Teo (Security Response)

Created: 2008-09-04 13:34:11 UTC

Size: 1.01 KB

patch

obsolete

>From 91b80969ba466ba4b915a4a1d03add8c297add3f Mon Sep 17 00:00:00 2001
>From: J. Bruce Fields <bfields@citi.umich.edu>
>Date: Fri, 29 Aug 2008 19:18:45 -0400
>Subject: [PATCH] nfsd: fix buffer overrun decoding NFSv4 acl
>
>The array we kmalloc() here is not large enough.
>
>Thanks to Johann Dahm and David Richter for bug report and testing.
>
>Signed-off-by: J. Bruce Fields <bfields@citi.umich.edu>
>Cc: David Richter <richterd@citi.umich.edu>
>Tested-by: Johann Dahm <jdahm@umich.edu>
>---
> fs/nfsd/nfs4acl.c |    2 +-
> 1 files changed, 1 insertions(+), 1 deletions(-)
>
>diff --git a/fs/nfsd/nfs4acl.c b/fs/nfsd/nfs4acl.c
>index b6ed383..54b8b41 100644
>--- a/fs/nfsd/nfs4acl.c
>+++ b/fs/nfsd/nfs4acl.c
>@@ -443,7 +443,7 @@ init_state(struct posix_acl_state *state, int cnt)
> 	 * enough space for either:
> 	 */
> 	alloc = sizeof(struct posix_ace_state_array)
>-		+ cnt*sizeof(struct posix_ace_state);
>+		+ cnt*sizeof(struct posix_user_ace_state);
> 	state->users = kzalloc(alloc, GFP_KERNEL);
> 	if (!state->users)
> 		return -ENOMEM;
>-- 
>1.5.5.1
>

Actions: View | Diff

Attachments on bug 461101: 315754 | 315826