diff options
author | Pan Bian <bianpan2016@163.com> | 2017-04-23 08:49:41 +0200 |
---|---|---|
committer | Trond Myklebust <trond.myklebust@primarydata.com> | 2017-04-28 19:06:59 +0200 |
commit | 4edabfd7d0f7d39eeda8ffac76d9e884c22951d9 (patch) | |
tree | df89653068ba714a55f6e4429dc7269e1588a9d6 | |
parent | nfs/filelayout: fix NULL pointer dereference in fl_pnfs_update_layout() (diff) | |
download | linux-4edabfd7d0f7d39eeda8ffac76d9e884c22951d9.tar.xz linux-4edabfd7d0f7d39eeda8ffac76d9e884c22951d9.zip |
NFSv4: check return value of xdr_inline_decode
Function xdr_inline_decode() will return a NULL pointer if the input
buffer does not have long enough buffer to decode nbytes of data.
However, in function decode_op_map(), the return value of
xdr_inline_decode() is not validated before it is used. This patch adds
a check to the return value of xdr_inline_decode().
Signed-off-by: Pan Bian <bianpan2016@163.com>
Signed-off-by: Trond Myklebust <trond.myklebust@primarydata.com>
-rw-r--r-- | fs/nfs/nfs4xdr.c | 2 |
1 files changed, 2 insertions, 0 deletions
diff --git a/fs/nfs/nfs4xdr.c b/fs/nfs/nfs4xdr.c index 125212588115..dbfe48ac3529 100644 --- a/fs/nfs/nfs4xdr.c +++ b/fs/nfs/nfs4xdr.c @@ -5570,6 +5570,8 @@ static int decode_op_map(struct xdr_stream *xdr, struct nfs4_op_map *op_map) unsigned int i; p = xdr_inline_decode(xdr, 4); + if (!p) + return -EIO; bitmap_words = be32_to_cpup(p++); if (bitmap_words > NFS4_OP_MAP_NUM_WORDS) return -EIO; |