Avoid reading past buffer when calling GETACL
Bug noticed in commit bf118a34 When calling GETACL, if the size of the bitmap array, the length attribute and the acl returned by the server is greater than the allocated buffer(args.acl_len), we can Oops with a General Protection fault at _copy_from_pages() when we attempt to read past the pages allocated. This patch allocates an extra PAGE for the bitmap and checks to see that the bitmap + attribute_length + ACLs don't exceed the buffer space allocated to it. Signed-off-by: NSachin Prabhu <sprabhu@redhat.com> Reported-by: NJian Li <jiali@redhat.com> [Trond: Fixed a size_t vs unsigned int printk() warning] Signed-off-by: NTrond Myklebust <Trond.Myklebust@netapp.com>
Showing
想要评论请 注册 或 登录