diff options
| author | Linus Torvalds | 2021-11-17 08:38:00 -0800 |
|---|---|---|
| committer | Linus Torvalds | 2021-11-17 08:38:00 -0800 |
| commit | ef1d8dda23e7df10b48c90f86b12c9b4c62da1ab (patch) | |
| tree | 6c932b91af61406a6859b9ece21db70901934223 /fs/nfsd | |
| parent | 8ab774587903771821b59471cc723bba6d893942 (diff) | |
| parent | c0019b7db1d7ac62c711cda6b357a659d46428fe (diff) | |
Merge tag 'nfsd-5.16-1' of git://linux-nfs.org/~bfields/linux
Pull nfsd bugfix from Bruce Fields:
"This is just one bugfix for a buffer overflow in knfsd's xdr decoding"
* tag 'nfsd-5.16-1' of git://linux-nfs.org/~bfields/linux:
NFSD: Fix exposure in nfsd4_decode_bitmap()
Diffstat (limited to 'fs/nfsd')
| -rw-r--r-- | fs/nfsd/nfs4xdr.c | 7 |
1 files changed, 2 insertions, 5 deletions
diff --git a/fs/nfsd/nfs4xdr.c b/fs/nfsd/nfs4xdr.c index b2a1d969a172..5a93a5db4fb0 100644 --- a/fs/nfsd/nfs4xdr.c +++ b/fs/nfsd/nfs4xdr.c @@ -288,11 +288,8 @@ nfsd4_decode_bitmap4(struct nfsd4_compoundargs *argp, u32 *bmval, u32 bmlen) p = xdr_inline_decode(argp->xdr, count << 2); if (!p) return nfserr_bad_xdr; - i = 0; - while (i < count) - bmval[i++] = be32_to_cpup(p++); - while (i < bmlen) - bmval[i++] = 0; + for (i = 0; i < bmlen; i++) + bmval[i] = (i < count) ? be32_to_cpup(p++) : 0; return nfs_ok; } |