RE: [PATCH] NFSv4: Check for buffer length in__nfs4_get_acl_uncached

[Myklebust, Trond]

> -----Original Message-----
> From: linux-nfs-owner@xxxxxxxxxxxxxxx [mailto:linux-nfs-
> owner@xxxxxxxxxxxxxxx] On Behalf Of Sven Wegener
> Sent: Wednesday, December 12, 2012 6:15 PM
> To: Myklebust, Trond
> Cc: linux-nfs@xxxxxxxxxxxxxxx; linux-kernel@xxxxxxxxxxxxxxx
> Subject: [PATCH] NFSv4: Check for buffer length in
> __nfs4_get_acl_uncached
> 
> Commit 1f1ea6c "NFSv4: Fix buffer overflow checking in
> __nfs4_get_acl_uncached" accidently dropped the checking for too small
> result buffer length.
> 
> If someone uses getxattr on "system.nfs4_acl" on an NFSv4 mount
> supporting ACLs, the ACL has not been cached and the buffer suplied is too
> short, we still copy the complete ACL, resulting in kernel and user space
> memory corruption.
> 
> Signed-off-by: Sven Wegener <sven.wegener@xxxxxxxxxxx>
> Cc: stable@xxxxxxxxxx
> ---
>  fs/nfs/nfs4proc.c | 7 ++++++-
>  1 file changed, 6 insertions(+), 1 deletion(-)
> 
> Resending, because it did not get any response.

Sorry. I've already applied it to the nfs-for-next branch on git.linux-nfs.org, so it should go in during this merge window.

Cheers
  Trond
N‹§²æìr¸›yúèšØb²X¬¶ÇvØ^–)Þ{.nÇ+‰·¥Š{±‘êçzX§¶›¡Ü}©ž²ÆzÚ&j:+v‰¨¾«‘êçzZ+€Ê+zf£¢·hšˆ§~†­†Ûiÿûàz¹®w¥¢¸?™¨è­Ú&¢)ßf”ù^jÇy§m…á@A«a¶Úÿ0¶ìh®å’i