This is a note to let you know that I've just added the patch titled
nfsd4: buffer-length check for SUPPATTR_EXCLCREAT
to the 3.4-stable tree which can be found at:
http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary
The filename of the patch is:
nfsd4-buffer-length-check-for-suppattr_exclcreat.patch
and it can be found in the queue-3.4 subdirectory.
If you, or anyone else, feels it should not be added to the stable tree,
please let <[email protected]> know about it.
>From de3997a7eeb9ea286b15879fdf8a95aae065b4f7 Mon Sep 17 00:00:00 2001
From: "J. Bruce Fields" <[email protected]>
Date: Tue, 28 Jan 2014 16:05:15 -0500
Subject: nfsd4: buffer-length check for SUPPATTR_EXCLCREAT
From: "J. Bruce Fields" <[email protected]>
commit de3997a7eeb9ea286b15879fdf8a95aae065b4f7 upstream.
This was an omission from 8c18f2052e756e7d5dea712fc6e7ed70c00e8a39
"nfsd41: SUPPATTR_EXCLCREAT attribute".
Cc: Benny Halevy <[email protected]>
Signed-off-by: J. Bruce Fields <[email protected]>
Signed-off-by: Greg Kroah-Hartman <[email protected]>
---
fs/nfsd/nfs4xdr.c | 2 ++
1 file changed, 2 insertions(+)
--- a/fs/nfsd/nfs4xdr.c
+++ b/fs/nfsd/nfs4xdr.c
@@ -2410,6 +2410,8 @@ out_acl:
WRITE64(stat.ino);
}
if (bmval2 & FATTR4_WORD2_SUPPATTR_EXCLCREAT) {
+ if ((buflen -= 16) < 0)
+ goto out_resource;
WRITE32(3);
WRITE32(NFSD_SUPPATTR_EXCLCREAT_WORD0);
WRITE32(NFSD_SUPPATTR_EXCLCREAT_WORD1);
Patches currently in stable-queue which might be from [email protected] are
queue-3.4/nfsd4-fix-test_stateid-error-reply-encoding.patch
queue-3.4/nfsd4-session-needs-room-for-following-op-to-error-out.patch
queue-3.4/nfsd4-buffer-length-check-for-suppattr_exclcreat.patch
--
To unsubscribe from this list: send the line "unsubscribe stable" in
the body of a message to [email protected]
More majordomo info at http://vger.kernel.org/majordomo-info.html
