diff options
author | Linus Torvalds <torvalds@linux-foundation.org> | 2021-11-17 17:38:00 +0100 |
---|---|---|
committer | Linus Torvalds <torvalds@linux-foundation.org> | 2021-11-17 17:38:00 +0100 |
commit | ef1d8dda23e7df10b48c90f86b12c9b4c62da1ab (patch) | |
tree | 6c932b91af61406a6859b9ece21db70901934223 /fs | |
parent | Merge tag 'trace-v5.16-5' of git://git.kernel.org/pub/scm/linux/kernel/git/ro... (diff) | |
parent | NFSD: Fix exposure in nfsd4_decode_bitmap() (diff) | |
download | linux-ef1d8dda23e7df10b48c90f86b12c9b4c62da1ab.tar.xz linux-ef1d8dda23e7df10b48c90f86b12c9b4c62da1ab.zip |
Merge tag 'nfsd-5.16-1' of git://linux-nfs.org/~bfields/linux
Pull nfsd bugfix from Bruce Fields:
"This is just one bugfix for a buffer overflow in knfsd's xdr decoding"
* tag 'nfsd-5.16-1' of git://linux-nfs.org/~bfields/linux:
NFSD: Fix exposure in nfsd4_decode_bitmap()
Diffstat (limited to 'fs')
-rw-r--r-- | fs/nfsd/nfs4xdr.c | 7 |
1 files changed, 2 insertions, 5 deletions
diff --git a/fs/nfsd/nfs4xdr.c b/fs/nfsd/nfs4xdr.c index b2a1d969a172..5a93a5db4fb0 100644 --- a/fs/nfsd/nfs4xdr.c +++ b/fs/nfsd/nfs4xdr.c @@ -288,11 +288,8 @@ nfsd4_decode_bitmap4(struct nfsd4_compoundargs *argp, u32 *bmval, u32 bmlen) p = xdr_inline_decode(argp->xdr, count << 2); if (!p) return nfserr_bad_xdr; - i = 0; - while (i < count) - bmval[i++] = be32_to_cpup(p++); - while (i < bmlen) - bmval[i++] = 0; + for (i = 0; i < bmlen; i++) + bmval[i] = (i < count) ? be32_to_cpup(p++) : 0; return nfs_ok; } |