Google Git
Sign in
kernel / pub / scm / linux / kernel / git / keithp / linux / 22594eea7aea374c0680f70fd89eeb1fc47ae635
commit22594eea7aea374c0680f70fd89eeb1fc47ae635[log] [tgz]
authorSachin Prabhu <sprabhu@redhat.com>Tue Apr 17 14:35:39 2012 +0100
committerGreg Kroah-Hartman <gregkh@linuxfoundation.org>Mon May 21 10:46:24 2012 -0700
treefde98636153ccdd7539e03ccb2758c5902376c9d
parent4262cd1f4b734ea5fa05c37043c89106f38b2daa [diff]
Avoid reading past buffer when calling GETACL

commit 5a00689930ab975fdd1b37b034475017e460cf2a upstream.

Bug noticed in commit
bf118a342f10dafe44b14451a1392c3254629a1f

When calling GETACL, if the size of the bitmap array, the length
attribute and the acl returned by the server is greater than the
allocated buffer(args.acl_len), we can Oops with a General Protection
fault at _copy_from_pages() when we attempt to read past the pages
allocated.

This patch allocates an extra PAGE for the bitmap and checks to see that
the bitmap + attribute_length + ACLs don't exceed the buffer space
allocated to it.

Signed-off-by: Sachin Prabhu <sprabhu@redhat.com>
Reported-by: Jian Li <jiali@redhat.com>
[Trond: Fixed a size_t vs unsigned int printk() warning]
Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2 files changed
tree: fde98636153ccdd7539e03ccb2758c5902376c9d
  1. arch/
  2. block/
  3. crypto/
  4. Documentation/
  5. drivers/
  6. firmware/
  7. fs/
  8. include/
  9. init/
  10. ipc/
  11. kernel/
  12. lib/
  13. mm/
  14. net/
  15. samples/
  16. scripts/
  17. security/
  18. sound/
  19. tools/
  20. usr/
  21. virt/
  22. .gitignore
  23. .mailmap
  24. COPYING
  25. CREDITS
  26. Kbuild
  27. Kconfig
  28. MAINTAINERS
  29. Makefile
  30. README
  31. REPORTING-BUGS