1. 18 3月, 2016 7 次提交
  2. 16 3月, 2016 1 次提交
    • J
      nfsd: fix deadlock secinfo+readdir compound · 2f6fc056
      J. Bruce Fields 提交于
      nfsd_lookup_dentry exits with the parent filehandle locked.  fh_put also
      unlocks if necessary (nfsd filehandle locking is probably too lenient),
      so it gets unlocked eventually, but if the following op in the compound
      needs to lock it again, we can deadlock.
      
      A fuzzer ran into this; normal clients don't send a secinfo followed by
      a readdir in the same compound.
      
      Cc: stable@vger.kernel.org
      Signed-off-by: NJ. Bruce Fields <bfields@redhat.com>
      2f6fc056
  3. 03 3月, 2016 1 次提交
  4. 02 3月, 2016 16 次提交
  5. 24 2月, 2016 1 次提交
    • S
      sunrpc/cache: fix off-by-one in qword_get() · b7052cd7
      Stefan Hajnoczi 提交于
      The qword_get() function NUL-terminates its output buffer.  If the input
      string is in hex format \xXXXX... and the same length as the output
      buffer, there is an off-by-one:
      
        int qword_get(char **bpp, char *dest, int bufsize)
        {
            ...
            while (len < bufsize) {
                ...
                *dest++ = (h << 4) | l;
                len++;
            }
            ...
            *dest = '\0';
            return len;
        }
      
      This patch ensures the NUL terminator doesn't fall outside the output
      buffer.
      Signed-off-by: NStefan Hajnoczi <stefanha@redhat.com>
      Cc: stable@vger.kernel.org
      Signed-off-by: NJ. Bruce Fields <bfields@redhat.com>
      b7052cd7
  6. 15 2月, 2016 13 次提交
  7. 14 2月, 2016 1 次提交