nfsd: stricter decoding of write-like NFSv2/v3 ops
The NFSv2/v3 code does not systematically check whether we decode past the end of the buffer. This generally appears to be harmless, but there are a few places where we do arithmetic on the pointers involved and don't account for the possibility that a length could be negative. Add checks to catch these. Reported-by: NTuomas Haanpää <thaan@synopsys.com> Reported-by: NAri Kauppi <ari@synopsys.com> Reviewed-by: NNeilBrown <neilb@suse.com> Cc: stable@vger.kernel.org Signed-off-by: NJ. Bruce Fields <bfields@redhat.com>
Showing
想要评论请 注册 或 登录