summaryrefslogtreecommitdiffstats
path: root/fs
diff options
context:
space:
mode:
authorLinus Torvalds <torvalds@linux-foundation.org>2021-11-17 17:38:00 +0100
committerLinus Torvalds <torvalds@linux-foundation.org>2021-11-17 17:38:00 +0100
commitef1d8dda23e7df10b48c90f86b12c9b4c62da1ab (patch)
tree6c932b91af61406a6859b9ece21db70901934223 /fs
parentMerge tag 'trace-v5.16-5' of git://git.kernel.org/pub/scm/linux/kernel/git/ro... (diff)
parentNFSD: Fix exposure in nfsd4_decode_bitmap() (diff)
downloadlinux-ef1d8dda23e7df10b48c90f86b12c9b4c62da1ab.tar.xz
linux-ef1d8dda23e7df10b48c90f86b12c9b4c62da1ab.zip
Merge tag 'nfsd-5.16-1' of git://linux-nfs.org/~bfields/linux
Pull nfsd bugfix from Bruce Fields: "This is just one bugfix for a buffer overflow in knfsd's xdr decoding" * tag 'nfsd-5.16-1' of git://linux-nfs.org/~bfields/linux: NFSD: Fix exposure in nfsd4_decode_bitmap()
Diffstat (limited to 'fs')
-rw-r--r--fs/nfsd/nfs4xdr.c7
1 files changed, 2 insertions, 5 deletions
diff --git a/fs/nfsd/nfs4xdr.c b/fs/nfsd/nfs4xdr.c
index b2a1d969a172..5a93a5db4fb0 100644
--- a/fs/nfsd/nfs4xdr.c
+++ b/fs/nfsd/nfs4xdr.c
@@ -288,11 +288,8 @@ nfsd4_decode_bitmap4(struct nfsd4_compoundargs *argp, u32 *bmval, u32 bmlen)
p = xdr_inline_decode(argp->xdr, count << 2);
if (!p)
return nfserr_bad_xdr;
- i = 0;
- while (i < count)
- bmval[i++] = be32_to_cpup(p++);
- while (i < bmlen)
- bmval[i++] = 0;
+ for (i = 0; i < bmlen; i++)
+ bmval[i] = (i < count) ? be32_to_cpup(p++) : 0;
return nfs_ok;
}