• Trond Myklebust's avatar
    NFSv4: Fix buffer overflow checking in __nfs4_get_acl_uncached · 1f1ea6c2
    Trond Myklebust authored
    Pass the checks made by decode_getacl back to __nfs4_get_acl_uncached
    so that it knows if the acl has been truncated.
    
    The current overflow checking is broken, resulting in Oopses on
    user-triggered nfs4_getfacl calls, and is opaque to the point
    where several attempts at fixing it have failed.
    This patch tries to clean up the code in addition to fixing the
    Oopses by ensuring that the overflow checks are performed in
    a single place (decode_getacl). If the overflow check failed,
    we will still be able to report the acl length, but at least
    we will no longer attempt to cache the acl or copy the
    truncated contents to user space.
    Reported-by: default avatarSachin Prabhu <sprabhu@redhat.com>
    Signed-off-by: default avatarTrond Myklebust <Trond.Myklebust@netapp.com>
    Tested-by: default avatarSachin Prabhu <sprabhu@redhat.com>
    1f1ea6c2
nfs4proc.c 186 KB