Avoid reading past buffer when calling GETACL - asmadeus/linux.git

diff options

author	Sachin Prabhu <sprabhu@redhat.com>	2012-04-17 14:35:39 +0100
committer	Trond Myklebust <Trond.Myklebust@netapp.com>	2012-04-27 13:15:07 -0400
commit	5a00689930ab975fdd1b37b034475017e460cf2a (patch)
tree	9cc6df10ac849488efe28ea811e55c213c22a754 /fs/openpromfs
parent	10bd295a0b6488ebe634b72a11d8986bd3af3819 (diff)

Avoid reading past buffer when calling GETACL

Bug noticed in commit bf118a342f10dafe44b14451a1392c3254629a1f When calling GETACL, if the size of the bitmap array, the length attribute and the acl returned by the server is greater than the allocated buffer(args.acl_len), we can Oops with a General Protection fault at _copy_from_pages() when we attempt to read past the pages allocated. This patch allocates an extra PAGE for the bitmap and checks to see that the bitmap + attribute_length + ACLs don't exceed the buffer space allocated to it. Signed-off-by: Sachin Prabhu <sprabhu@redhat.com> Reported-by: Jian Li <jiali@redhat.com> [Trond: Fixed a size_t vs unsigned int printk() warning] Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>

Diffstat (limited to 'fs/openpromfs')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: