J. Bruce Fields da1ce38aaa nfsd: stricter decoding of write-like NFSv2/v3 ops ... commit 13bf9fbff0e5e099e2b6f003a0ab8ae145436309 upstream. The NFSv2/v3 code does not systematically check whether we decode past the end of the buffer. This generally appears to be harmless, but there are a few places where we do arithmetic on the pointers involved and don't account for the possibility that a length could be negative. Add checks to catch these. Reported-by: Tuomas Haanpää <thaan@synopsys.com> Reported-by: Ari Kauppi <ari@synopsys.com> Reviewed-by: NeilBrown <neilb@suse.com> Signed-off-by: J. Bruce Fields <bfields@redhat.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>		2017-05-08 07:46:02 +02:00
..
acl.h
auth.c
auth.h
blocklayout.c
blocklayoutxdr.c
blocklayoutxdr.h
cache.h
current_stateid.h
export.c
export.h
fault_inject.c
idmap.h
Kconfig
lockd.c
Makefile
netns.h
nfs2acl.c	nfsd: check permissions when setting ACLs	2016-07-27 09:47:30 -07:00
nfs3acl.c	nfsd: check permissions when setting ACLs	2016-07-27 09:47:30 -07:00
nfs3proc.c
nfs3xdr.c	nfsd: stricter decoding of write-like NFSv2/v3 ops	2017-05-08 07:46:02 +02:00
nfs4acl.c	nfsd: check permissions when setting ACLs	2016-07-27 09:47:30 -07:00
nfs4callback.c
nfs4idmap.c
nfs4layouts.c	NFSD: Fix a null reference case in find_or_create_lock_stateid()	2017-02-09 08:02:45 +01:00
nfs4proc.c
nfs4recover.c
nfs4state.c	NFSD: Fix a null reference case in find_or_create_lock_stateid()	2017-02-09 08:02:45 +01:00
nfs4xdr.c
nfscache.c
nfsctl.c
nfsd.h
nfsfh.c
nfsfh.h
nfsproc.c
nfssvc.c	nfsd: check for oversized NFSv2/v3 arguments	2017-05-02 21:19:56 -07:00
nfsxdr.c	nfsd: stricter decoding of write-like NFSv2/v3 ops	2017-05-08 07:46:02 +02:00
pnfs.h
state.h	NFSD: Fix a null reference case in find_or_create_lock_stateid()	2017-02-09 08:02:45 +01:00
stats.c
stats.h
trace.c
trace.h
vfs.c	nfsd: special case truncates some more	2017-03-12 06:37:30 +01:00
vfs.h
xdr.h
xdr3.h
xdr4.h
xdr4cb.h