nfsd4: memory corruption in numeric_name_to_id()

"id" is type is a uid_t (32 bits) but on 64 bit systems strict_strtoul() modifies 64 bits of data. We should use kstrtouint() instead. Signed-off-by: N Dan Carpenter <dan.carpenter@oracle.com> Signed-off-by: N J. Bruce Fields <bfields@redhat.com>

nfsd4: memory corruption in numeric_name_to_id()
"id" is type is a uid_t (32 bits) but on 64 bit systems strict_strtoul() modifies 64 bits of data. We should use kstrtouint() instead. Signed-off-by: N Dan Carpenter <dan.carpenter@oracle.com> Signed-off-by: N J. Bruce Fields <bfields@redhat.com>
3af70613 · Dan Carpenter · J. Bruce Fields · 92769108 · 3af70613
隐藏空白更改
内联并排

Showing with 1 addition and 1 deletion

fs/nfsd/nfs4idmap.c fs/nfsd/nfs4idmap.c +1 -1

未找到文件。
--- a/fs/nfsd/nfs4idmap.c
+++ b/fs/nfsd/nfs4idmap.c
@@ -581,7 +581,7 @@ numeric_name_to_id(struct svc_rqst *rqstp, int type, const char *name, u32 namel
 	/* Just to make sure it's null-terminated: */
 	memcpy(buf, name, namelen);
 	buf[namelen] = '\0';
-	ret = strict_strtoul(name, 10, (unsigned long *)id);
+	ret = kstrtouint(name, 10, id);
 	return ret == 0;
 }