From patchwork Fri Nov 15 16:38:01 2013 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Weston Andros Adamson X-Patchwork-Id: 3189181 Return-Path: X-Original-To: patchwork-linux-nfs@patchwork.kernel.org Delivered-To: patchwork-parsemail@patchwork1.web.kernel.org Received: from mail.kernel.org (mail.kernel.org [198.145.19.201]) by patchwork1.web.kernel.org (Postfix) with ESMTP id E7C009F3AE for ; Fri, 15 Nov 2013 16:38:15 +0000 (UTC) Received: from mail.kernel.org (localhost [127.0.0.1]) by mail.kernel.org (Postfix) with ESMTP id D38832095C for ; Fri, 15 Nov 2013 16:38:14 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by mail.kernel.org (Postfix) with ESMTP id B047620931 for ; Fri, 15 Nov 2013 16:38:09 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1751342Ab3KOQiI (ORCPT ); Fri, 15 Nov 2013 11:38:08 -0500 Received: from mx12.netapp.com ([216.240.18.77]:15958 "EHLO mx12.netapp.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1751053Ab3KOQiH (ORCPT ); Fri, 15 Nov 2013 11:38:07 -0500 X-IronPort-AV: E=Sophos;i="4.93,708,1378882800"; d="scan'208";a="116034872" Received: from vmwexceht02-prd.hq.netapp.com ([10.106.76.240]) by mx12-out.netapp.com with ESMTP; 15 Nov 2013 08:38:07 -0800 Received: from smtp1.corp.netapp.com (10.57.156.124) by VMWEXCEHT02-PRD.hq.netapp.com (10.106.76.240) with Microsoft SMTP Server id 14.3.158.1; Fri, 15 Nov 2013 08:38:06 -0800 Received: from vpn2ntap-19511.vpn.netapp.com (vpn2ntap-19511.vpn.netapp.com [10.55.68.238]) by smtp1.corp.netapp.com (8.13.1/8.13.1/NTAP-1.6) with ESMTP id rAFGc4Bx010015; Fri, 15 Nov 2013 08:38:04 -0800 (PST) From: Weston Andros Adamson To: CC: , Weston Andros Adamson Subject: [PATCH] NFS: -EIO from decode_bitmap if too many bitmaps Date: Fri, 15 Nov 2013 11:38:01 -0500 Message-ID: <1384533481-2254-1-git-send-email-dros@netapp.com> X-Mailer: git-send-email 1.8.3.1 (Apple Git-46) MIME-Version: 1.0 Sender: linux-nfs-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-nfs@vger.kernel.org X-Spam-Status: No, score=-6.9 required=5.0 tests=BAYES_00, RCVD_IN_DNSWL_HI, RP_MATCHES_RCVD, UNPARSEABLE_RELAY autolearn=unavailable version=3.3.1 X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on mail.kernel.org X-Virus-Scanned: ClamAV using ClamSMTP decode_bitmap will only decode up to three bitmaps. If the xdr buffer has more than three bitmaps, return -EIO here instead of bailing out in a later xdr decode. Signed-off-by: Weston Andros Adamson --- This is related to my "NFSv4: fix getacl ERANGE for some ACL buffer sizes" patch - I noticed that even though we'll only ever parse 3 bitmaps, we don't error out correctly if more are sent. This condition is probably never hit, but if it ever is, it'd be nice to have the code error out where the problem actually occurred. fs/nfs/nfs4xdr.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/fs/nfs/nfs4xdr.c b/fs/nfs/nfs4xdr.c index 5be2868..3866a69 100644 --- a/fs/nfs/nfs4xdr.c +++ b/fs/nfs/nfs4xdr.c @@ -3146,6 +3146,9 @@ static int decode_attr_bitmap(struct xdr_stream *xdr, uint32_t *bitmap) goto out_overflow; bmlen = be32_to_cpup(p); + if (unlikely(bmlen > 3)) + goto out_overflow; + bitmap[0] = bitmap[1] = bitmap[2] = 0; p = xdr_inline_decode(xdr, (bmlen << 2)); if (unlikely(!p))