On Fri, 2012-05-18 at 14:27 -0700, Greg KH wrote:
> 3.3-stable review patch. If anyone has any objections, please let me know.
>
> ------------------
>
> From: Sachin Prabhu <[email protected]>
>
> commit 5794d21ef4639f0e33440927bb903f9598c21e92 upstream.
>
> When attempting to cache ACLs returned from the server, if the bitmap
> size + the ACL size is greater than a PAGE_SIZE but the ACL size itself
> is smaller than a PAGE_SIZE, we can read past the buffer page boundary.
>
> Signed-off-by: Sachin Prabhu <[email protected]>
> Reported-by: Jian Li <[email protected]>
> Signed-off-by: Trond Myklebust <[email protected]>
> Signed-off-by: Greg Kroah-Hartman <[email protected]>
[...]

It looks like we need this for 3.2.y as well, so I've queued up:

de040be NFS4: fix compile warnings in nfs4proc.c
5a00689 Avoid reading past buffer when calling GETACL
5794d21 Avoid beyond bounds copy while caching ACL

For 3.0.y I think the preceding fixes are also needed:

628fc19 NFSv4: include bitmap in nfsv4 get acl data
331818f NFSv4: Fix an Oops in the NFSv4 getacl code
20e0fa9 Fix length of buffer copied in __nfs4_get_acl_uncached

However, in 3.0.y, the 'bitmap' array in decode_getacl() has length 2,
not 3, which results in textual conflicts for some of the above. Does
it also affect the correctness of these fixes or is it an independent
change?

Ben.

-- 
Ben Hutchings
Teamwork is essential - it allows you to blame someone else.
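
The condition in the quoted commit message, as an added example that is not part of this thread or of the kernel patch: a simplified user-space model in C showing why comparing only the ACL size with the page size is not enough. `MODEL_PAGE_SIZE`, `hdr_len` (the bitmap and header bytes in front of the ACL) and all function names are hypothetical.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define MODEL_PAGE_SIZE 4096u /* assumed page size for this model */

/* Model: one page holds hdr_len bytes of bitmap/header, then acl_len bytes of ACL. */

/* Insufficient: compares only the ACL length with the page size. */
static int acl_fits_weak(size_t hdr_len, size_t acl_len)
{
    (void)hdr_len;
    return acl_len <= MODEL_PAGE_SIZE;
}

/* Sufficient: the whole span [hdr_len, hdr_len + acl_len) must lie in the page. */
static int acl_fits_strict(size_t hdr_len, size_t acl_len)
{
    if (hdr_len > MODEL_PAGE_SIZE)
        return 0;
    return acl_len <= MODEL_PAGE_SIZE - hdr_len; /* subtraction cannot wrap */
}

/* Copy the ACL from the page into the cache; -1 if the copy would leave the page. */
static long cache_acl(const unsigned char *page, size_t hdr_len, size_t acl_len,
                      unsigned char *cache, size_t cache_len)
{
    if (!acl_fits_strict(hdr_len, acl_len) || acl_len > cache_len)
        return -1;
    memcpy(cache, page + hdr_len, acl_len);
    return (long)acl_len;
}

/* Constructed input: a page filled with 0xAC; returns cache_acl()'s result. */
static long demo_case(size_t hdr_len, size_t acl_len)
{
    static unsigned char page[MODEL_PAGE_SIZE], cache[MODEL_PAGE_SIZE];
    memset(page, 0xAC, sizeof(page));
    return cache_acl(page, hdr_len, acl_len, cache, sizeof(cache));
}

int main(void)
{
    /* 100 + 4000 > 4096 although 4000 < 4096: the case from the commit message. */
    printf("weak=%d strict=%d copied=%ld\n", acl_fits_weak(100, 4000),
           acl_fits_strict(100, 4000), demo_case(100, 4000));
    printf("in-bounds copy: %ld\n", demo_case(100, 3996));
    return 0;
}
```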
