| From de3997a7eeb9ea286b15879fdf8a95aae065b4f7 Mon Sep 17 00:00:00 2001 |
| From: "J. Bruce Fields" <bfields@redhat.com> |
| Date: Tue, 28 Jan 2014 16:05:15 -0500 |
| Subject: nfsd4: buffer-length check for SUPPATTR_EXCLCREAT |
| |
| From: "J. Bruce Fields" <bfields@redhat.com> |
| |
| commit de3997a7eeb9ea286b15879fdf8a95aae065b4f7 upstream. |
| |
| This was an omission from 8c18f2052e756e7d5dea712fc6e7ed70c00e8a39 |
| "nfsd41: SUPPATTR_EXCLCREAT attribute". |
| |
| Cc: Benny Halevy <bhalevy@primarydata.com> |
| Signed-off-by: J. Bruce Fields <bfields@redhat.com> |
| Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
| |
| --- |
| fs/nfsd/nfs4xdr.c | 2 ++ |
| 1 file changed, 2 insertions(+) |
| |
| --- a/fs/nfsd/nfs4xdr.c |
| +++ b/fs/nfsd/nfs4xdr.c |
| @@ -2410,6 +2410,8 @@ out_acl: |
| WRITE64(stat.ino); |
| } |
| if (bmval2 & FATTR4_WORD2_SUPPATTR_EXCLCREAT) { |
| + if ((buflen -= 16) < 0) |
| + goto out_resource; |
| WRITE32(3); |
| WRITE32(NFSD_SUPPATTR_EXCLCREAT_WORD0); |
| WRITE32(NFSD_SUPPATTR_EXCLCREAT_WORD1); |
