android_kernel_oneplus_msm8998/fs/nfs
Jia-Ju Bai 5deaece94a fs: nfs: Fix possible null-pointer dereferences in encode_attrs()
[ Upstream commit e2751463eaa6f9fec8fea80abbdc62dbc487b3c5 ]

In encode_attrs(), there is an if statement on line 1145 to check
whether label is NULL:
    if (label && (attrmask[2] & FATTR4_WORD2_SECURITY_LABEL))

When label is NULL, it is used on lines 1178-1181:
    *p++ = cpu_to_be32(label->lfs);
    *p++ = cpu_to_be32(label->pi);
    *p++ = cpu_to_be32(label->len);
    p = xdr_encode_opaque_fixed(p, label->label, label->len);

To fix these bugs, label is checked before being used.

These bugs are found by a static analysis tool STCheck written by us.

Signed-off-by: Jia-Ju Bai <baijiaju1990@gmail.com>
Signed-off-by: Anna Schumaker <Anna.Schumaker@Netapp.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
2019-10-17 13:40:54 -07:00
blocklayout pnfs/blocklayout: off by one in bl_map_stripe() 2018-09-09 20:04:34 +02:00
filelayout NFS41: pop some layoutget errors to application 2019-03-23 08:44:38 +01:00
flexfilelayout NFS41: pop some layoutget errors to application 2019-03-23 08:44:38 +01:00
objlayout
cache_lib.c
cache_lib.h
callback.c
callback.h
callback_proc.c
callback_xdr.c NFSv4.0 fix client reference leak in callback 2018-09-19 22:48:57 +02:00
client.c
delegation.c
delegation.h
dir.c NFS: Fix a typo in nfs_rename() 2017-12-16 10:33:55 +01:00
direct.c NFS41: pop some layoutget errors to application 2019-03-23 08:44:38 +01:00
dns_resolve.c
dns_resolve.h
file.c
fscache-index.c
fscache.c
fscache.h
getroot.c
inode.c NFSv4: Handle the special Linux file open access mode 2019-08-04 09:34:50 +02:00
internal.h NFS: Fix 2 use after free issues in the I/O code 2017-09-13 14:09:46 -07:00
iostat.h
Kconfig pnfs/blocklayout: require 64-bit sector_t 2017-08-16 13:40:30 -07:00
Makefile
mount_clnt.c
namespace.c
netns.h
nfs.h
nfs2super.c
nfs2xdr.c
nfs3_fs.h
nfs3acl.c
nfs3client.c
nfs3proc.c
nfs3super.c
nfs3xdr.c
nfs4_fs.h NFSv4: Fix a potential sleep while atomic in nfs4_do_reclaim() 2019-09-06 10:18:07 +02:00
nfs4client.c NFSv4: Fix a potential sleep while atomic in nfs4_do_reclaim() 2019-09-06 10:18:07 +02:00
nfs4file.c NFSv4: Fix return values for nfs4_file_open() 2019-09-21 07:12:49 +02:00
nfs4getroot.c
nfs4idmap.c NFSv4: Fix possible 1-byte stack overflow in nfs_idmap_read_and_verify_message 2018-07-03 11:21:34 +02:00
nfs4idmap.h
nfs4namespace.c
nfs4proc.c NFSv4: Fix open create exclusive when the server reboots 2019-08-04 09:34:55 +02:00
nfs4renewd.c
nfs4session.c
nfs4session.h
nfs4state.c NFSv4: Fix a potential sleep while atomic in nfs4_do_reclaim() 2019-09-06 10:18:07 +02:00
nfs4super.c
nfs4sysctl.c nfs: Do not convert nfs_idmap_cache_timeout to jiffies 2018-05-30 07:48:53 +02:00
nfs4trace.c
nfs4trace.h
nfs4xdr.c fs: nfs: Fix possible null-pointer dereferences in encode_attrs() 2019-10-17 13:40:54 -07:00
nfs42.h
nfs42proc.c
nfs42xdr.c
nfsroot.c
nfstrace.c
nfstrace.h
pagelist.c NFS: Fix initialisation of I/O result struct in nfs_pgio_rpcsetup 2019-09-21 07:12:49 +02:00
pnfs.c NFS41: pop some layoutget errors to application 2019-03-23 08:44:38 +01:00
pnfs.h
pnfs_dev.c
pnfs_nfs.c
proc.c NFSv2: Fix write regression 2019-09-21 07:12:51 +02:00
read.c NFS41: pop some layoutget errors to application 2019-03-23 08:44:38 +01:00
super.c NFS: Forbid setting AF_INET6 to "struct sockaddr_in"->sin_family. 2019-05-16 19:44:51 +02:00
symlink.c
sysctl.c
unlink.c
write.c NFS: Add a cond_resched() to nfs_commit_release_pages() 2018-02-16 20:09:42 +01:00