Commit 5a006899 authored by Sachin Prabhu, committed by Trond Myklebust

Avoid reading past buffer when calling GETACL

Bug noticed in commit bf118a34

When calling GETACL, if the size of the bitmap array, the length
attribute and the acl returned by the server is greater than the
allocated buffer(args.acl_len), we can Oops with a General Protection
fault at _copy_from_pages() when we attempt to read past the pages
allocated.

This patch allocates an extra PAGE for the bitmap and checks to see that
the bitmap + attribute_length + ACLs don't exceed the buffer space
allocated to it.

Signed-off-by: Sachin Prabhu <sprabhu@redhat.com>
Reported-by: Jian Li <jiali@redhat.com>
[Trond: Fixed a size_t vs unsigned int printk() warning]
Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
parent 10bd295a
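
The check the commit message describes (bitmap + attribute length + ACL must fit in the allocated buffer), modelled in userspace C as an added example; this is not the kernel patch. The reply layout, `acl_extract`, `be32` and `sample_reply` are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Read a big-endian 32-bit word, as XDR encodes integers. */
static uint32_t be32(const uint8_t *p)
{
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
           ((uint32_t)p[2] << 8) | (uint32_t)p[3];
}

/*
 * Assumed layout (hypothetical model, not the kernel's structures):
 *   [bitmap word count][bitmap words][attribute length][ACL bytes]
 * Returns the ACL length copied to out, or -1 when a server-supplied
 * length would take the read past buflen or the ACL exceeds outlen.
 */
long acl_extract(const uint8_t *buf, size_t buflen, uint8_t *out, size_t outlen)
{
    size_t off, bm;
    uint32_t nwords, attrlen;

    if (buflen < 4)
        return -1;
    nwords = be32(buf);
    off = 4;
    if (nwords > (buflen - off) / 4)        /* bitmap must fit */
        return -1;
    bm = (size_t)nwords * 4;
    if (buflen - off - bm < 4)              /* length word must fit */
        return -1;
    off += bm;
    attrlen = be32(buf + off);
    off += 4;
    /* Compare against what remains; off + attrlen could wrap. */
    if (attrlen > buflen - off || attrlen > outlen)
        return -1;
    memcpy(out, buf + off, attrlen);
    return (long)attrlen;
}

/* Constructed sample: 2 bitmap words, attribute length 3, ACL "abc". */
static const uint8_t sample_reply[19] = {
    0, 0, 0, 2,  0, 0, 0, 1,  0, 0, 0, 2,  0, 0, 0, 3,  'a', 'b', 'c'
};

int main(void)
{
    uint8_t out[16];
    return acl_extract(sample_reply, sizeof(sample_reply), out, sizeof(out)) == 3 ? 0 : 1;
}
```

Each length is compared against the bytes still available rather than summed first, so an oversized server-supplied value is rejected instead of wrapping the offset.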