mirrors
/
linux-stable
mirror of https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
1
0
Fork 0
Code Issues Releases Wiki Activity

NFSv4.2: Fix a memory stomp in decode_attr_security_label 

[ Upstream commit 43c1031f71 ]

We must not change the value of label->len if it is zero, since that
indicates we stored a label.

Fixes: b4487b9354 ("nfs: Fix getxattr kernel panic and memory overflow")
Signed-off-by: Trond Myklebust <trond.myklebust@hammerspace.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
This commit is contained in:
Trond Myklebust 2022-10-18 18:21:14 -04:00 committed by Greg Kroah-Hartman
parent 4711196ada
commit 7c6975209d
1 changed files with 4 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
fs/nfs/nfs4xdr.c
View File

@ -4236,12 +4236,10 @@ static int decode_attr_security_label(struct xdr_stream *xdr, uint32_t *bitmap,
return -EIO;
bitmap[2] &= ~FATTR4_WORD2_SECURITY_LABEL;
if (len < NFS4_MAXLABELLEN) {
if (label) {
if (label->len) {
if (label->len < len)
return -ERANGE;
memcpy(label->label, p, len);
}
if (label && label->len) {
if (label->len < len)
return -ERANGE;
memcpy(label->label, p, len);
label->len = len;
label->pi = pi;
label->lfs = lfs;