| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Tue, 9 May 2017 14:31:21 +0100
From: Colin King <colin.king@...onical.com>
To: Ari Kauppi <ari@...opsys.com>,
"J . Bruce Fields" <bfields@...ldses.org>,
Jeff Layton <jlayton@...chiereds.net>,
linux-nfs@...r.kernel.org
Cc: kernel-janitors@...r.kernel.org, linux-kernel@...r.kernel.org
Subject: [PATCH] nfsd: avoid out of bounds read on array nfsd4_layout_ops
From: Colin Ian King <colin.king@...onical.com>
Array nfsd4_layout_ops has LAYOUT_TYPE_MAX elements (which is currently
just 6), so check for this upper bound rather than the hard coded upper
bound of 32 to avoid an out of bounds read on array nfsd4_layout_ops.
Detected by CoverityScan, CID#1433518 ("Out-of-bounds read")
Fixes: e79104c9bd2d26 ("nfsd: fix undefined behavior in nfsd4_layout_verify")
Signed-off-by: Colin Ian King <colin.king@...onical.com>
---
fs/nfsd/nfs4proc.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/fs/nfsd/nfs4proc.c b/fs/nfsd/nfs4proc.c
index 1dbf62190bee..c453a1998e00 100644
--- a/fs/nfsd/nfs4proc.c
+++ b/fs/nfsd/nfs4proc.c
@@ -1259,7 +1259,8 @@ nfsd4_layout_verify(struct svc_export *exp, unsigned int layout_type)
return NULL;
}
- if (layout_type >= 32 || !(exp->ex_layout_types & (1 << layout_type))) {
+ if (layout_type >= LAYOUT_TYPE_MAX ||
+ !(exp->ex_layout_types & (1 << layout_type))) {
dprintk("%s: layout type %d not supported\n",
__func__, layout_type);
return NULL;
--
2.11.0
Powered by blists - more mailing lists