linux/fs/nfsd
J. Bruce Fields 4aed9c46af nfsd4: fix bad bounds checking
A number of spots in the xdr decoding follow a pattern like

	n = be32_to_cpup(p++);
	READ_BUF(n + 4);

where n is a u32.  The only bounds checking is done in READ_BUF itself,
but since it's checking (n + 4), it won't catch cases where n is very
large, (u32)(-4) or higher.  I'm not sure exactly what the consequences
are, but we've seen crashes soon after.

Instead, just break these up into two READ_BUF()s.

Cc: stable@vger.kernel.org
Signed-off-by: J. Bruce Fields <bfields@redhat.com>
2016-03-01 13:02:57 -08:00
..
acl.h nfsd4: remove nfs4_acl_new 2014-07-08 17:14:27 -04:00
auth.c nfsd: silence sparse warning about accessing credentials 2014-07-17 16:15:35 -04:00
auth.h
blocklayout.c nfsd/blocklayout: accept any minlength 2015-10-09 16:11:40 -04:00
blocklayoutxdr.c pnfs: move common blocklayout XDR defintions to nfs4.h 2015-08-17 13:22:49 -05:00
blocklayoutxdr.h pnfs: move common blocklayout XDR defintions to nfs4.h 2015-08-17 13:22:49 -05:00
cache.h nfsd: Remove the cache_hash list 2014-08-17 12:00:12 -04:00
current_stateid.h
export.c sunrpc/nfsd: Remove redundant code by exports seq_operations functions 2015-08-13 08:59:02 -04:00
export.h nfsd: include linux/nfs4.h in export.h 2015-08-13 10:21:21 -04:00
fault_inject.c nfsd: remove old fault injection infrastructure 2014-08-05 10:55:10 -04:00
idmap.h nfsd: Remove duplicate define of IDMAP_NAMESZ/IDMAP_TYPE_xx 2015-07-20 14:58:46 -04:00
Kconfig Merge branch 'for-4.1' of git://linux-nfs.org/~bfields/linux 2015-04-24 07:46:05 -07:00
lockd.c lockd: constify nlmsvc_binding structure 2016-01-07 10:10:50 -05:00
Makefile nfsd: pNFS block layout driver 2015-02-05 14:35:18 +01:00
netns.h nfsd: recover: constify nfsd4_client_tracking_ops structures 2015-11-23 12:15:30 -07:00
nfs2acl.c nfsd: Add macro NFS_ACL_MASK for ACL 2015-07-20 14:58:46 -04:00
nfs3acl.c nfsd: Add macro NFS_ACL_MASK for ACL 2015-07-20 14:58:46 -04:00
nfs3proc.c VFS: normal filesystems (and lustre): d_inode() annotations 2015-04-15 15:06:57 -04:00
nfs3xdr.c nfsd: don't hold i_mutex over userspace upcalls 2016-01-09 03:07:52 -05:00
nfs4acl.c nfsd: Fix two typos in comments 2015-08-13 10:26:24 -04:00
nfs4callback.c nfsd: don't base cl_cb_status on stale information 2015-12-23 10:08:14 -05:00
nfs4idmap.c nfsd: Remove duplicate define of IDMAP_NAMESZ/IDMAP_TYPE_xx 2015-07-20 14:58:46 -04:00
nfs4layouts.c Smaller bugfixes and cleanup, including a fix for a failures of 2016-01-15 12:49:44 -08:00
nfs4proc.c wrappers for ->i_mutex access 2016-01-22 18:04:28 -05:00
nfs4recover.c wrappers for ->i_mutex access 2016-01-22 18:04:28 -05:00
nfs4state.c Smaller bugfixes and cleanup, including a fix for a failures of 2016-01-15 12:49:44 -08:00
nfs4xdr.c nfsd4: fix bad bounds checking 2016-03-01 13:02:57 -08:00
nfscache.c nfsd: remove recurring workqueue job to clean DRC 2015-11-10 09:25:51 -05:00
nfsctl.c nfsd: fix nsfd startup race triggering BUG_ON 2015-04-21 16:16:03 -04:00
nfsd.h nfsd: eliminate NFSD_DEBUG 2015-04-21 16:16:02 -04:00
nfsfh.c nfsd: switch unsigned char flags in svc_fh to bools 2015-10-12 17:31:04 -04:00
nfsfh.h wrappers for ->i_mutex access 2016-01-22 18:04:28 -05:00
nfsproc.c nfsd: Disable NFSv2 timestamp workaround for NFSv3+ 2015-05-29 11:04:01 -04:00
nfssvc.c nfsd: Fix nfsd leaks sunrpc module references 2016-01-07 10:10:51 -05:00
nfsxdr.c VFS: normal filesystems (and lustre): d_inode() annotations 2015-04-15 15:06:57 -04:00
pnfs.h nfsd4: fix v3-less build 2015-02-16 11:43:13 -05:00
state.h Smaller bugfixes and cleanup, including a fix for a failures of 2016-01-15 12:49:44 -08:00
stats.c
stats.h
trace.c nfsd: move include of state.h from trace.c to trace.h 2015-10-23 15:57:29 -04:00
trace.h nfsd: add new io class tracepoint 2016-01-14 17:32:51 -05:00
vfs.c wrappers for ->i_mutex access 2016-01-22 18:04:28 -05:00
vfs.h nfsd: implement the NFSv4.2 CLONE operation 2015-12-07 23:12:00 -05:00
xdr3.h
xdr4.h nfsd: implement the NFSv4.2 CLONE operation 2015-12-07 23:12:00 -05:00
xdr4cb.h nfsd: implement pNFS layout recalls 2015-02-02 18:09:43 +01:00
xdr.h