lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Thu, 13 Dec 2012 00:44:26 +0000 From: "Myklebust, Trond" <Trond.Myklebust@...app.com> To: Sven Wegener <sven.wegener@...aler.net> CC: "linux-nfs@...r.kernel.org" <linux-nfs@...r.kernel.org>, "linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org> Subject: RE: [PATCH] NFSv4: Check for buffer length in __nfs4_get_acl_uncached > -----Original Message----- > From: linux-nfs-owner@...r.kernel.org [mailto:linux-nfs- > owner@...r.kernel.org] On Behalf Of Sven Wegener > Sent: Wednesday, December 12, 2012 6:15 PM > To: Myklebust, Trond > Cc: linux-nfs@...r.kernel.org; linux-kernel@...r.kernel.org > Subject: [PATCH] NFSv4: Check for buffer length in > __nfs4_get_acl_uncached > > Commit 1f1ea6c "NFSv4: Fix buffer overflow checking in > __nfs4_get_acl_uncached" accidently dropped the checking for too small > result buffer length. > > If someone uses getxattr on "system.nfs4_acl" on an NFSv4 mount > supporting ACLs, the ACL has not been cached and the buffer suplied is too > short, we still copy the complete ACL, resulting in kernel and user space > memory corruption. > > Signed-off-by: Sven Wegener <sven.wegener@...aler.net> > Cc: stable@...nel.org > --- > fs/nfs/nfs4proc.c | 7 ++++++- > 1 file changed, 6 insertions(+), 1 deletion(-) > > Resending, because it did not get any response. Sorry. I've already applied it to the nfs-for-next branch on git.linux-nfs.org, so it should go in during this merge window. Cheers Trond
Powered by blists - more mailing lists