[PATCH] kNFSd: NFSv4: overflow check in nfsd_commit()

Sanity check COMMIT arguments by ensuring that (start)+(length) < 2^64. The check is done in a way which is free of signedness pathologies in all cases. This change was inspired by pynfs, Peter Astrand's regression testsuite for NFSv4 servers. The change is necessary for all of the COMMIT tests to pass. However, it's a little open to debate whether the change is really needed. I'm curious to hear the opinions of other developers.

[PATCH] kNFSd: NFSv4: overflow check in nfsd_commit()
Sanity check COMMIT arguments by ensuring that (start)+(length) < 2^64. The check is done in a way which is free of signedness pathologies in all cases. This change was inspired by pynfs, Peter Astrand's regression testsuite for NFSv4 servers. The change is necessary for all of the COMMIT tests to pass. However, it's a little open to debate whether the change is really needed. I'm curious to hear the opinions of other developers.
15a094e2 · Kendrick M. Smith · Linus Torvalds · 7aefa9c7 · 15a094e2
Commit 15a094e2 authored Aug 22, 2002 by Kendrick M. Smith Committed by Linus Torvalds Aug 22, 2002
Hide whitespace changes
Inline Side-by-side

Showing with 3 additions and 0 deletions

fs/nfsd/vfs.c fs/nfsd/vfs.c +3 -0

No files found.
--- a/fs/nfsd/vfs.c
+++ b/fs/nfsd/vfs.c
@@ -756,6 +756,9 @@ nfsd_commit(struct svc_rqst *rqstp, struct svc_fh *fhp,
 	struct file	file;
 	int		err;

+	if ((u64)count > ~(u64)offset)
+		return nfserr_inval;
+
 	if ((err = nfsd_open(rqstp, fhp, S_IFREG, MAY_WRITE, &file)) != 0)
 		return err;
 	if (EX_ISSYNC(fhp->fh_export)) {