xiaomi-sm8450/android_kernel_xiaomi_sm8450
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

NFSv4.2: Fix a memory stomp in decode_attr_security_label

Browse Source 
[ Upstream commit 43c1031f7110967c240cb6e922adcfc4b8899183 ]

We must not change the value of label->len if it is zero, since that
indicates we stored a label.

Fixes: b4487b9354 ("nfs: Fix getxattr kernel panic and memory overflow")
Signed-off-by: Trond Myklebust <trond.myklebust@hammerspace.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
This commit is contained in:
Trond Myklebust
2022-10-18 18:21:14 -04:00
committed by Greg Kroah-Hartman
parent 58a1023eb5
commit 15feece7af
1 changed files with 4 additions and 6 deletions
Download Patch File Download Diff File Expand all files Collapse all files

10
fs/nfs/nfs4xdr.c
View File

@@ -4168,12 +4168,10 @@ static int decode_attr_security_label(struct xdr_stream *xdr, uint32_t *bitmap,
return -EIO; return -EIO;
bitmap[2] &= ~FATTR4_WORD2_SECURITY_LABEL; bitmap[2] &= ~FATTR4_WORD2_SECURITY_LABEL;
if (len < NFS4_MAXLABELLEN) { if (len < NFS4_MAXLABELLEN) {
if (label) { if (label && label->len) {
if (label->len) { if (label->len < len)
if (label->len < len) return -ERANGE;
return -ERANGE; memcpy(label->label, p, len);
memcpy(label->label, p, len);
}
label->len = len; label->len = len;
label->pi = pi; label->pi = pi;
label->lfs = lfs; label->lfs = lfs;