projects / openwrt / staging / blogic.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 27df6f2)
nfsd: fix buffer overrun decoding NFSv4 acl
authorJ. Bruce Fields <[email protected]>
Fri, 29 Aug 2008 23:18:45 +0000 (19:18 -0400)
committerJ. Bruce Fields <[email protected]>
Mon, 1 Sep 2008 18:24:24 +0000 (14:24 -0400)
The array we kmalloc() here is not large enough.

Thanks to Johann Dahm and David Richter for bug report and testing.

Signed-off-by: J. Bruce Fields <[email protected]>
Cc: David Richter <[email protected]>
Tested-by: Johann Dahm <[email protected]>
fs/nfsd/nfs4acl.c patch | blob | history

diff --git a/fs/nfsd/nfs4acl.c b/fs/nfsd/nfs4acl.c
index b6ed38380ab805179f8354ab9454fc533e50da53..54b8b4140c8f6e32203363bd9b53e8aa2ed09f7e 100644 (file)
--- a/fs/nfsd/nfs4acl.c
+++ b/fs/nfsd/nfs4acl.c
@@ -443,7 +443,7 @@ init_state(struct posix_acl_state *state, int cnt)
         * enough space for either:
         */
        alloc = sizeof(struct posix_ace_state_array)
-               + cnt*sizeof(struct posix_ace_state);
+               + cnt*sizeof(struct posix_user_ace_state);
        state->users = kzalloc(alloc, GFP_KERNEL);
        if (!state->users)
                return -ENOMEM;
John Crispins staging tree