> -----Original Message-----
> From: linux-nfs-ow...@vger.kernel.org [mailto:linux-nfs-ow...@vger.kernel.org] On Behalf Of Sven Wegener
> Sent: Wednesday, December 12, 2012 6:15 PM
> To: Myklebust, Trond
> Cc: linux-...@vger.kernel.org; linux-kernel@vger.kernel.org
> Subject: [PATCH] NFSv4: Check for buffer length in
> __nfs4_get_acl_uncached
>
> Commit 1f1ea6c "NFSv4: Fix buffer overflow checking in
> __nfs4_get_acl_uncached" accidentally dropped the checking for too small
> result buffer length.
>
> If someone uses getxattr on "system.nfs4_acl" on an NFSv4 mount
> supporting ACLs, the ACL has not been cached and the buffer supplied is too
> short, we still copy the complete ACL, resulting in kernel and user space
> memory corruption.
>
> Signed-off-by: Sven Wegener <sven.wege...@stealer.net>
> Cc: sta...@kernel.org
> ---
> fs/nfs/nfs4proc.c | 7 ++++++-
> 1 file changed, 6 insertions(+), 1 deletion(-)
>
> Resending, because it did not get any response.

Sorry. I've already applied it to the nfs-for-next branch on git.linux-nfs.org, so it should go in during this merge window.

Cheers
  Trond
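
The length check described in the quoted commit message, as an added user-space example (not the kernel patch and not code from this thread). It models the getxattr(2) contract, where a zero size is a length query and a too-small buffer fails with ERANGE; the helper names and the sample ACL bytes are hypothetical and constructed for illustration.

```c
#include <errno.h>
#include <stdio.h>
#include <string.h>
#include <sys/types.h>

/* Hypothetical helper modelling the getxattr(2) length contract:
 * buflen == 0 is a size query, a too-small buffer yields -ERANGE,
 * and data is copied only after the length has been checked. */
ssize_t acl_copy_checked(const void *acl, size_t acl_len,
                         void *buf, size_t buflen)
{
    if (buf == NULL || buflen == 0)
        return (ssize_t)acl_len;   /* size query: report length only */
    if (acl_len > buflen)
        return -ERANGE;            /* the kind of check the commit restores */
    memcpy(buf, acl, acl_len);
    return (ssize_t)acl_len;
}

/* Constructed sample: a 16-byte "ACL" and an 8-byte caller buffer followed
 * by guard bytes standing in for adjacent memory. Returns 1 if the
 * short-buffer call is rejected and the guard bytes are untouched. */
int short_buffer_is_rejected(void)
{
    static const unsigned char acl[16] = "constructed-acl";
    struct { unsigned char buf[8]; unsigned char guard[8]; } dst;

    memset(dst.buf, 0, sizeof dst.buf);
    memset(dst.guard, 0xA5, sizeof dst.guard);

    ssize_t ret = acl_copy_checked(acl, sizeof acl, dst.buf, sizeof dst.buf);

    for (size_t i = 0; i < sizeof dst.guard; i++)
        if (dst.guard[i] != 0xA5)
            return 0;              /* adjacent memory was overwritten */
    return ret == -ERANGE;
}

int main(void)
{
    unsigned char big[32];

    printf("size query: %zd\n", acl_copy_checked("abcd", 4, NULL, 0));
    printf("fits: %zd\n", acl_copy_checked("abcd", 4, big, sizeof big));
    printf("short buffer rejected: %d\n", short_buffer_is_rejected());
    return 0;
}
```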