summaryrefslogtreecommitdiffstats
path: root/fs/nfs/nfs4xdr.c
diff options
context:
space:
mode:
authorSachin Prabhu <sprabhu@redhat.com>2012-04-17 15:36:40 +0200
committerTrond Myklebust <Trond.Myklebust@netapp.com>2012-04-27 20:09:53 +0200
commit5794d21ef4639f0e33440927bb903f9598c21e92 (patch)
treed4bdbde63624df6e970751f46fd6fe0dacb8718c /fs/nfs/nfs4xdr.c
parentAvoid reading past buffer when calling GETACL (diff)
downloadlinux-5794d21ef4639f0e33440927bb903f9598c21e92.tar.xz
linux-5794d21ef4639f0e33440927bb903f9598c21e92.zip
Avoid beyond bounds copy while caching ACL
When attempting to cache ACLs returned from the server, if the bitmap size + the ACL size is greater than a PAGE_SIZE but the ACL size itself is smaller than a PAGE_SIZE, we can read past the buffer page boundary. Signed-off-by: Sachin Prabhu <sprabhu@redhat.com> Reported-by: Jian Li <jiali@redhat.com> Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
Diffstat (limited to '')
-rw-r--r--fs/nfs/nfs4xdr.c2
1 files changed, 1 insertions, 1 deletions
diff --git a/fs/nfs/nfs4xdr.c b/fs/nfs/nfs4xdr.c
index 9312dd78d349..203c0967451b 100644
--- a/fs/nfs/nfs4xdr.c
+++ b/fs/nfs/nfs4xdr.c
@@ -4940,7 +4940,7 @@ static int decode_getacl(struct xdr_stream *xdr, struct rpc_rqst *req,
res->acl_len = attrlen;
goto out;
}
- dprintk("NFS: acl reply: attrlen %zu > page_len %u\n",
+ dprintk("NFS: acl reply: attrlen %u > page_len %zu\n",
attrlen, page_len);
return -EINVAL;
}