author | J. Bruce Fields <bfields@citi.umich.edu> | 2008-09-01 14:51:02 -0400 |
---|---|---|
committer | Greg Kroah-Hartman <gregkh@suse.de> | 2008-09-08 04:44:32 -0700 |
commit | ee69675af511022b8a324c4a208a91f901f0a6c4 (patch) | |
tree | 2c0f8a5cf344e64f62a02bcc2614411fc2478f4d | |
parent | 94d5272a13ad73b0960826c61f3944cf7eb7286a (diff) | |
nfsd: fix buffer overrun decoding NFSv4 acl
commit 91b80969ba466ba4b915a4a1d03add8c297add3f upstream
The array we kmalloc() here is not large enough.
Thanks to Johann Dahm and David Richter for bug report and testing.
Signed-off-by: J. Bruce Fields <bfields@citi.umich.edu>
Cc: David Richter <richterd@citi.umich.edu>
Tested-by: Johann Dahm <jdahm@umich.edu>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
-rw-r--r-- | fs/nfsd/nfs4acl.c | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/fs/nfsd/nfs4acl.c b/fs/nfsd/nfs4acl.c index b6ed38380ab8..54b8b4140c8f 100644 --- a/fs/nfsd/nfs4acl.c +++ b/fs/nfsd/nfs4acl.c @@ -443,7 +443,7 @@ init_state(struct posix_acl_state *state, int cnt) * enough space for either: */ alloc = sizeof(struct posix_ace_state_array) - + cnt*sizeof(struct posix_ace_state); + + cnt*sizeof(struct posix_user_ace_state); state->users = kzalloc(alloc, GFP_KERNEL); if (!state->users) return -ENOMEM; |
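Review bot: the `alloc` computation in init_state() still names the element type by hand (`cnt*sizeof(struct posix_user_ace_state)`), which is the same pattern that let the wrong struct size in here; taking the element size from the array that `state->users` points to would keep the allocation tied to the declaration if the types change again. Separately, `cnt` is an `int` and nothing in the visible lines checks it before the multiplication, so it is worth confirming that the caller bounds `cnt` (non-negative, and small enough that `alloc` cannot wrap) before it reaches `kzalloc(alloc, GFP_KERNEL)`. The commit message could also say which struct was being used and which one the array actually holds, since "not large enough" alone does not let a backporter judge the size of the overrun.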