Avoid reading past buffer when calling GETACL
author Sachin Prabhu <sprabhu@redhat.com>
Tue, 17 Apr 2012 13:35:39 +0000 (14:35 +0100)
committer Varun Wadekar <vwadekar@nvidia.com>
Mon, 14 May 2012 13:22:51 +0000 (18:22 +0530)
commit 69b35ad15b68e82c5504a438483cd37e8a170b0b
tree cff518034aad6b7b241abb500e55853cd792e809
parent 574cc9bd93e57b30e64378e04de74fee253b5f24
Avoid reading past buffer when calling GETACL

Bug noticed in commit
bf118a342f10dafe44b14451a1392c3254629a1f

When calling GETACL, if the size of the bitmap array, the length
attribute and the acl returned by the server is greater than the
allocated buffer (args.acl_len), we can Oops with a General Protection
fault at _copy_from_pages() when we attempt to read past the pages
allocated.

This patch allocates an extra PAGE for the bitmap and checks to see that
the bitmap + attribute_length + ACLs don't exceed the buffer space
allocated to it.

Signed-off-by: Sachin Prabhu <sprabhu@redhat.com>
Reported-by: Jian Li <jiali@redhat.com>
[Trond: Fixed a size_t vs unsigned int printk() warning]
Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
fs/nfs/nfs4proc.c
fs/nfs/nfs4xdr.c
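
An added example, not part of the commit and not the code in fs/nfs/nfs4xdr.c: a user-space C model of the check the message describes, where the bitmap, the attribute length and the ACL must together fit inside the bytes actually allocated before anything is copied. The function names, the reply layout and the sample byte arrays are assumptions constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Read one big-endian XDR word; fail if fewer than 4 bytes remain. */
static int get_be32(const uint8_t *b, size_t len, size_t *off, uint32_t *out)
{
    if (len - *off < 4)
        return -1;
    *out = (uint32_t)b[*off] << 24 | (uint32_t)b[*off + 1] << 16 |
           (uint32_t)b[*off + 2] << 8 | b[*off + 3];
    *off += 4;
    return 0;
}

/* Hypothetical model (not kernel code). Assumed layout: bitmap word count,
 * bitmap words, attribute length, ACL bytes.
 * Returns the ACL length copied to dst, or -1 if any field runs past buf. */
long decode_acl(const uint8_t *buf, size_t len, uint8_t *dst, size_t dst_len)
{
    size_t off = 0;
    uint32_t nwords, attrlen;
    if (get_be32(buf, len, &off, &nwords))
        return -1;
    if (nwords > (len - off) / 4)      /* bitmap must fit; division avoids overflow */
        return -1;
    off += (size_t)nwords * 4;
    if (get_be32(buf, len, &off, &attrlen))
        return -1;
    if (attrlen > len - off || attrlen > dst_len)  /* header + ACL <= buffer */
        return -1;
    memcpy(dst, buf + off, attrlen);
    return (long)attrlen;
}

/* Constructed replies: claimed ACL length 4, claimed 64, oversized bitmap count. */
const uint8_t reply_ok[]     = {0,0,0,1, 0,0,0x10,0, 0,0,0,4,  'a','c','l','!'};
const uint8_t reply_bad[]    = {0,0,0,1, 0,0,0x10,0, 0,0,0,64, 'a','c','l','!'};
const uint8_t reply_bitmap[] = {0xff,0xff,0xff,0xff, 0,0,0,0};
uint8_t acl_out[32];

int main(void)
{
    printf("ok=%ld bad=%ld bitmap=%ld\n",
           decode_acl(reply_ok, sizeof reply_ok, acl_out, sizeof acl_out),
           decode_acl(reply_bad, sizeof reply_bad, acl_out, sizeof acl_out),
           decode_acl(reply_bitmap, sizeof reply_bitmap, acl_out, sizeof acl_out));
    return 0;
}
```

Every length taken from the reply is compared against the bytes remaining rather than added to an offset first, so a large claimed length cannot wrap the arithmetic and slip past the check.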