mirror of
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
synced 2024-08-21 00:10:09 +00:00
nfsd: fix buffer overrun decoding NFSv4 acl
The array we kmalloc() here is not large enough. Thanks to Johann Dahm and David Richter for bug report and testing. Signed-off-by: J. Bruce Fields <bfields@citi.umich.edu> Cc: David Richter <richterd@citi.umich.edu> Tested-by: Johann Dahm <jdahm@umich.edu>
This commit is contained in:
parent
27df6f25ff
commit
91b80969ba
1 changed files with 1 additions and 1 deletions
|
@ -443,7 +443,7 @@ init_state(struct posix_acl_state *state, int cnt)
|
||||||
* enough space for either:
|
* enough space for either:
|
||||||
*/
|
*/
|
||||||
alloc = sizeof(struct posix_ace_state_array)
|
alloc = sizeof(struct posix_ace_state_array)
|
||||||
+ cnt*sizeof(struct posix_ace_state);
|
+ cnt*sizeof(struct posix_user_ace_state);
|
||||||
state->users = kzalloc(alloc, GFP_KERNEL);
|
state->users = kzalloc(alloc, GFP_KERNEL);
|
||||||
if (!state->users)
|
if (!state->users)
|
||||||
return -ENOMEM;
|
return -ENOMEM;
|
||||||
|
|
Loading…
Reference in a new issue