nfsd: fix buffer overrun decoding NFSv4 acl
The array we kmalloc() here is not large enough.

Thanks to Johann Dahm and David Richter for bug report and testing.

Signed-off-by: J. Bruce Fields <bfields@citi.umich.edu>
Cc: David Richter <richterd@citi.umich.edu>
Tested-by: Johann Dahm <jdahm@umich.edu>
J. Bruce Fields committed Sep 1, 2008
1 parent 27df6f2 commit 91b8096
Showing 1 changed file with 1 addition and 1 deletion.
2 changes: 1 addition & 1 deletion fs/nfsd/nfs4acl.c
Expand Up @@ -443,7 +443,7 @@ init_state(struct posix_acl_state *state, int cnt)
* enough space for either:
*/
alloc = sizeof(struct posix_ace_state_array)
+ cnt*sizeof(struct posix_ace_state);
+ cnt*sizeof(struct posix_user_ace_state);
state->users = kzalloc(alloc, GFP_KERNEL);
if (!state->users)
return -ENOMEM;
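
Review bot: The size computation `alloc = sizeof(struct posix_ace_state_array) + cnt*sizeof(struct posix_user_ace_state);` still names the element type by hand, and the commit message and the one-line change show that a hand-written type name is what left the array too small. Taking sizeof of the array member of struct posix_ace_state_array itself would keep the allocation in step with the struct if the element type changes again. In the same expression `cnt` is a signed int and is multiplied without a visible bound, so it is worth confirming that the callers of init_state() cap the ACE count before this point, or adding an overflow check here. The comment above the computation says the space must be enough for "either" case, so if `alloc` is reused for another allocation later in this function, that allocation should be checked against the same element type.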