Tom Rini wrote 2022-06-06 17:43:
On Thu, Jun 02, 2022 at 09:18:42PM +0300, gerbert wrote:
This patch tries to fix a CVE-2019-14196 fix
In if-condition, where NFSV2_FLAG is checked, memcpy call is performed
to transfer a reply data of NFS_FHSIZE size. Since the data field in
struct rpc_t
o out-of-bounds write (considering
the size of data array won't change in the future). So the memcpy call
will copy exactly NFS_FHSIZE (32) bytes from (rpc_pkt.u.reply.data + 1).
Signed-off-by: gerbert
---
net/nfs.c | 2 --
1 file changed, 2 deletions(-)
diff --git a/net/nfs.c b/net/n
Heinrich Schuchardt wrote 2022-06-04 20:44:
On 6/2/22 20:32, gerbert wrote:
This patch tries to fix a CVE-2019-14196 fix
In if-condition, where NFSV2_FLAG is checked, memcpy call is performed
to transfer a reply data of NFS_FHSIZE size. Since the data field in
struct rpc_t structure has
dary check
(filefh3_length > NFS3_FHSIZE), which exists, but also make sure that
filefh3_length is not negative.
Signed-off-by: gerbert
---
net/nfs.c | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/net/nfs.c b/net/nfs.c
index 9152ab742e..5186130ea9 100644
--- a/net/nfs.c
++