iv/linux
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
linux/fs/nfsd
History
Chuck Lever 10c22d9519 NFSD: Fix exposure in nfsd4_decode_bitmap() 
[ Upstream commit c0019b7db1d7ac62c711cda6b357a659d46428fe ]

rtm@csail.mit.edu reports:
> nfsd4_decode_bitmap4() will write beyond bmval[bmlen-1] if the RPC
> directs it to do so. This can cause nfsd4_decode_state_protect4_a()
> to write client-supplied data beyond the end of
> nfsd4_exchange_id.spo_must_allow[] when called by
> nfsd4_decode_exchange_id().

Rewrite the loops so nfsd4_decode_bitmap() cannot iterate beyond
@bmlen.

Reported by: rtm@csail.mit.edu
Fixes: d1c263a031e8 ("NFSD: Replace READ* macros in nfsd4_decode_fattr()")
Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
Signed-off-by: J. Bruce Fields <bfields@redhat.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
2021-11-25 09:48:35 +01:00
..
acl.h
nfsd: eliminate an unnecessary acl size limit
2019-08-28 21:13:45 -04:00
auth.c
nfsd: auth: Fix gid sorting when rootsquash enabled
2018-01-22 20:13:07 -08:00
auth.h
License cleanup: add SPDX GPL-2.0 license identifier to files with no license
2017-11-02 11:10:55 +01:00
blocklayout.c
block: remove REQ_OP_SCSI_{IN,OUT}
2021-06-30 15:34:19 -06:00
blocklayoutxdr.c
License cleanup: add SPDX GPL-2.0 license identifier to files with no license
2017-11-02 11:10:55 +01:00
blocklayoutxdr.h
License cleanup: add SPDX GPL-2.0 license identifier to files with no license
2017-11-02 11:10:55 +01:00
cache.h
nfsd4: make drc_slab global, not per-net
2020-06-01 17:44:45 -04:00
current_stateid.h
License cleanup: add SPDX GPL-2.0 license identifier to files with no license
2017-11-02 11:10:55 +01:00
export.c
idmapped-mounts-v5.12
2021-02-23 13:39:45 -08:00
export.h
nfsd: report per-export stats
2021-01-25 09:36:28 -05:00
fault_inject.c
nfsd: no need to check return value of debugfs_create functions
2019-07-03 16:57:17 +02:00
filecache.c
nfsd: Fix a warning for nfsd_file_close_inode
2021-10-01 11:17:40 -04:00
filecache.h
nfsd: convert file cache to use over/underflow safe refcount
2020-02-06 11:22:55 -05:00
flexfilelayout.c
License cleanup: add SPDX GPL-2.0 license identifier to files with no license
2017-11-02 11:10:55 +01:00
flexfilelayoutxdr.c
License cleanup: add SPDX GPL-2.0 license identifier to files with no license
2017-11-02 11:10:55 +01:00
flexfilelayoutxdr.h
License cleanup: add SPDX GPL-2.0 license identifier to files with no license
2017-11-02 11:10:55 +01:00
idmap.h
Kconfig
scsi: core: Rename CONFIG_BLK_SCSI_REQUEST to CONFIG_SCSI_COMMON
2021-07-28 22:24:27 -04:00
lockd.c
Keep read and write fds with each nlm_file
2021-08-23 18:05:31 -04:00
Makefile
nfsd: remove fault injection code
2020-09-25 18:01:26 -04:00
netns.h
NFSD: delay unmount source's export after inter-server copy completed.
2021-05-25 17:06:51 -04:00
nfs2acl.c
NFSD: Update the NFSv2 ACL ACCESS result encoder to use struct xdr_stream
2021-03-22 10:19:01 -04:00
nfs3acl.c
nfsd: fix NULL dereference in nfs3svc_encode_getaclres
2021-07-06 20:14:44 -04:00
nfs3proc.c
NFSD: Reduce svc_rqst::rq_pages churn during READDIR operations
2021-03-22 10:18:56 -04:00
nfs3xdr.c
NFSD: Clean up NFSDDBG_FACILITY macro
2021-03-22 10:19:02 -04:00
nfs4acl.c
acl: handle idmapped mounts
2021-01-24 14:27:17 +01:00
nfs4callback.c
nfsd: rpc_peeraddr2str needs rcu lock
2021-07-06 20:14:42 -04:00
nfs4idmap.c
nfsd: Use seq_putc() in two functions
2020-07-13 17:28:46 -04:00
nfs4layouts.c
treewide: Use fallthrough pseudo-keyword
2020-08-23 17:36:59 -05:00
nfs4proc.c
nfsd: remove redundant assignment to pointer 'this'
2021-07-06 20:14:44 -04:00
nfs4recover.c
nfsd: Log client tracking type log message as info instead of warning
2021-03-22 10:19:03 -04:00
nfs4state.c
Critical bug fixes:
2021-09-22 09:21:02 -07:00
nfs4xdr.c
NFSD: Fix exposure in nfsd4_decode_bitmap()
2021-11-25 09:48:35 +01:00
nfscache.c
nfsd: protect concurrent access to nfsd stats counters
2021-01-25 09:36:27 -05:00
nfsctl.c
NFSD: Keep existing listeners on portlist error
2021-10-06 13:24:25 -04:00
nfsd.h
NFSD: delay unmount source's export after inter-server copy completed.
2021-05-25 17:06:51 -04:00
nfsfh.c
NFSD: Update the GETATTR3res encoder to use struct xdr_stream
2021-03-22 10:18:51 -04:00
nfsfh.h
NFSD: Constify @fh argument of knfsd_fh_hash()
2021-05-18 13:44:03 -04:00
nfsproc.c
nfs: don't allow reexport reclaims
2021-08-26 15:32:28 -04:00
nfssvc.c
NFSD: delay unmount source's export after inter-server copy completed.
2021-05-25 17:06:51 -04:00
nfsxdr.c
NFSD: Clean up NFSDDBG_FACILITY macro
2021-03-22 10:19:02 -04:00
pnfs.h
License cleanup: add SPDX GPL-2.0 license identifier to files with no license
2017-11-02 11:10:55 +01:00
state.h
nfsd: track filehandle aliasing in nfs4_files
2021-04-19 16:41:36 -04:00
stats.c
nfsd: protect concurrent access to nfsd stats counters
2021-01-25 09:36:27 -05:00
stats.h
nfsd: report per-export stats
2021-01-25 09:36:28 -05:00
trace.c
NFSD: Add SPDX header for fs/nfsd/trace.c
2020-11-30 13:00:24 -05:00
trace.h
NFSD: Use new __string_len C macros for nfsd_clid_class
2021-08-17 11:47:52 -04:00
vfs.c
New features:
2021-08-31 10:57:06 -07:00
vfs.h
NFSD: Update the NFSv3 ACCESS3res encoder to use struct xdr_stream
2021-03-22 10:18:52 -04:00
xdr3.h
NFSD: Clean up after updating NFSv3 ACL encoders
2021-03-22 10:19:02 -04:00
xdr4.h
NFSD add vfs_fsync after async copy is done
2021-05-25 17:06:51 -04:00
xdr4cb.h
NFSD CB_OFFLOAD xdr
2018-09-25 20:34:54 -04:00
xdr.h
NFSD: Clean up after updating NFSv2 ACL encoders
2021-03-22 10:19:01 -04:00