Evolution-X-Devices/kernel_samsung_sdm670
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

NFSv4.2: Fix a memory stomp in decode_attr_security_label

Browse Source 
[ Upstream commit 43c1031f7110967c240cb6e922adcfc4b8899183 ]

We must not change the value of label->len if it is zero, since that
indicates we stored a label.

Fixes: b4487b935452 ("nfs: Fix getxattr kernel panic and memory overflow")
Signed-off-by: Trond Myklebust <trond.myklebust@hammerspace.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
This commit is contained in:
Trond Myklebust
2022-10-18 18:21:14 -04:00
committed by Greg Kroah-Hartman
parent 2b6a8a1a32
commit 6f384464b9
1 changed files with 4 additions and 6 deletions
Download Patch File Download Diff File Expand all files Collapse all files

10
fs/nfs/nfs4xdr.c
View File

@@ -4160,12 +4160,10 @@ static int decode_attr_security_label(struct xdr_stream *xdr, uint32_t *bitmap,
if (unlikely(!p))
goto out_overflow;
if (len < NFS4_MAXLABELLEN) {
if (label) {
if (label->len) {
if (label->len < len)
return -ERANGE;
memcpy(label->label, p, len);
}
if (label && label->len) {
if (label->len < len)
return -ERANGE;
memcpy(label->label, p, len);
label->len = len;
label->pi = pi;
label->lfs = lfs;