diff options
author | Sachin Prabhu <sprabhu@redhat.com> | 2012-04-17 15:36:40 +0200 |
---|---|---|
committer | Trond Myklebust <Trond.Myklebust@netapp.com> | 2012-04-27 20:09:53 +0200 |
commit | 5794d21ef4639f0e33440927bb903f9598c21e92 (patch) | |
tree | d4bdbde63624df6e970751f46fd6fe0dacb8718c /fs/nfs/nfs4xdr.c | |
parent | Avoid reading past buffer when calling GETACL (diff) | |
download | linux-5794d21ef4639f0e33440927bb903f9598c21e92.tar.xz linux-5794d21ef4639f0e33440927bb903f9598c21e92.zip |
Avoid beyond bounds copy while caching ACL
When attempting to cache ACLs returned from the server, if the bitmap
size + the ACL size is greater than a PAGE_SIZE but the ACL size itself
is smaller than a PAGE_SIZE, we can read past the buffer page boundary.
Signed-off-by: Sachin Prabhu <sprabhu@redhat.com>
Reported-by: Jian Li <jiali@redhat.com>
Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
Diffstat (limited to '')
-rw-r--r-- | fs/nfs/nfs4xdr.c | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/fs/nfs/nfs4xdr.c b/fs/nfs/nfs4xdr.c index 9312dd78d349..203c0967451b 100644 --- a/fs/nfs/nfs4xdr.c +++ b/fs/nfs/nfs4xdr.c @@ -4940,7 +4940,7 @@ static int decode_getacl(struct xdr_stream *xdr, struct rpc_rqst *req, res->acl_len = attrlen; goto out; } - dprintk("NFS: acl reply: attrlen %zu > page_len %u\n", + dprintk("NFS: acl reply: attrlen %u > page_len %zu\n", attrlen, page_len); return -EINVAL; } |