nfsd: stricter decoding of write-like NFSv2/v3 ops
The NFSv2/v3 code does not systematically check whether we decode past the end of the buffer. This generally appears to be harmless, but there are a few places where we do arithmetic on the pointers involved and don't account for the possibility that a length could be negative. Add checks to catch these.

Reported-by: Tuomas Haanpää <email@example.com>
Reported-by: Ari Kauppi <firstname.lastname@example.org>
Reviewed-by: NeilBrown <email@example.com>
Cc: firstname.lastname@example.org
Signed-off-by: J. Bruce Fields <email@example.com>
Showing with 6 additions and 0 deletions.
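
The failure mode the commit message describes, shown as an added example that is not the kernel's code and not part of this commit: a simplified decoder whose remaining-length subtraction goes wrong when the buffer ends before the fixed header does, beside a version that checks first. The 12-byte header (HDR_BYTES), struct req_buf, the function names and the input are all constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>

#define HDR_BYTES 12u  /* hypothetical fixed header: offset, count, flags */

/* Constructed model of a received request: 'len' valid bytes at 'base'. */
struct req_buf { const uint8_t *base; size_t len; };

static uint32_t get_be32(const uint8_t *p)
{
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
           ((uint32_t)p[2] << 8) | (uint32_t)p[3];
}

/* Unchecked: steps past the header, then does arithmetic on the result.
 * If len < HDR_BYTES the remaining length is logically negative and
 * wraps to a huge size_t, so the count check below passes anything. */
long decode_unchecked(const struct req_buf *rb)
{
    const uint8_t *p = rb->base;
    uint32_t count = get_be32(p + 4);
    p += HDR_BYTES;
    size_t avail = rb->len - (size_t)(p - rb->base);
    return count > avail ? -1 : (long)count;
}

/* Checked: refuse to decode past the end before any subtraction. */
long decode_checked(const struct req_buf *rb)
{
    if (rb->len < HDR_BYTES)
        return -1;
    uint32_t count = get_be32(rb->base + 4);
    size_t avail = rb->len - HDR_BYTES;
    return count > avail ? -1 : (long)count;
}

/* Build a constructed request claiming 'count' payload bytes but holding
 * only 'len' valid bytes; return the payload length the decoder accepts. */
long run_case(int checked, size_t len, uint32_t count)
{
    uint8_t backing[64] = {0};
    backing[4] = (uint8_t)(count >> 24); backing[5] = (uint8_t)(count >> 16);
    backing[6] = (uint8_t)(count >> 8);  backing[7] = (uint8_t)count;
    struct req_buf rb = { backing, len };
    return checked ? decode_checked(&rb) : decode_unchecked(&rb);
}

int main(void) { return run_case(1, 8, 32) == -1 ? 0 : 1; }
```

With an 8-byte request that claims 32 payload bytes, the unchecked decoder accepts all 32 while the checked one rejects the request; both agree on well-formed input.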