From patchwork Fri Jan 11 09:52:17 2013
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: fanchaoting <fanchaoting@cn.fujitsu.com>
X-Patchwork-Id: 1965391
Return-Path: <linux-nfs-owner@vger.kernel.org>
X-Original-To: patchwork-linux-nfs@patchwork.kernel.org
Delivered-To: patchwork-process-083081@patchwork1.kernel.org
Received: from vger.kernel.org (vger.kernel.org [209.132.180.67])
	by patchwork1.kernel.org (Postfix) with ESMTP id 7F53D3FE37
	for <patchwork-linux-nfs@patchwork.kernel.org>;
	Fri, 11 Jan 2013 09:51:57 +0000 (UTC)
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
	id S1752077Ab3AKJv4 (ORCPT
	<rfc822;patchwork-linux-nfs@patchwork.kernel.org>);
	Fri, 11 Jan 2013 04:51:56 -0500
Received: from cn.fujitsu.com ([222.73.24.84]:13967 "EHLO
	song.cn.fujitsu.com"
	rhost-flags-OK-FAIL-OK-OK) by vger.kernel.org with ESMTP
	id S1751591Ab3AKJvz (ORCPT <rfc822;linux-nfs@vger.kernel.org>);
	Fri, 11 Jan 2013 04:51:55 -0500
X-IronPort-AV: E=Sophos;i="4.84,451,1355068800"; d="scan'208";a="6567409"
Received: from unknown (HELO tang.cn.fujitsu.com) ([10.167.250.3])
	by song.cn.fujitsu.com with ESMTP; 11 Jan 2013 17:49:51 +0800
Received: from fnstmail02.fnst.cn.fujitsu.com (tang.cn.fujitsu.com
	[127.0.0.1])
	by tang.cn.fujitsu.com (8.14.3/8.13.1) with ESMTP id r0B9prnb006274;
	Fri, 11 Jan 2013 17:51:53 +0800
Received: from [127.0.0.1] ([10.167.225.240])
	by fnstmail02.fnst.cn.fujitsu.com (Lotus Domino Release 8.5.3)
	with ESMTP id 2013011117511724-864888 ;
	Fri, 11 Jan 2013 17:51:17 +0800
Message-ID: <50EFE0D1.9090907@cn.fujitsu.com>
Date: Fri, 11 Jan 2013 17:52:17 +0800
From: fanchaoting <fanchaoting@cn.fujitsu.com>
User-Agent: Thunderbird 2.0.0.9 (Windows/20071031)
MIME-Version: 1.0
To: "linux-nfs@vger.kernel.org" <linux-nfs@vger.kernel.org>,
	"Myklebust, Trond" <Trond.Myklebust@netapp.com>
Subject: [PATCH] nfs4-acl-tools: when who's length is very big, nfs4_getacl
	core dump
X-MIMETrack: Itemize by SMTP Server on mailserver/fnst(Release
	8.5.3|September 15, 2011) at 2013/01/11 17:51:17,
	Serialize by Router on mailserver/fnst(Release 8.5.3|September 15,
	2011) at 2013/01/11 17:51:17,
	Serialize complete at 2013/01/11 17:51:17
Sender: linux-nfs-owner@vger.kernel.org
Precedence: bulk
List-ID: <linux-nfs.vger.kernel.org>
X-Mailing-List: linux-nfs@vger.kernel.org

nfsv4 server can return a very large who's len(eg. wholen = 62343534343) 
in an FATTR4_WORD0_ACL request.It can cause nfs4_getacl core dump 
when call 'malloc((wholen + 1) * sizeof(char))'.

 This patch checked if who's len bigger than xattr_size when getfacl.

 This patch also fixed some code style.

Signed-off-by: Fan Chaoting <fanchaoting@cn.fujitsu.com>
---
 libnfs4acl/acl_nfs4_xattr_load.c |    6 ++++++
 libnfs4acl/nfs4_acl_for_path.c   |    8 ++++----
 2 files changed, 10 insertions(+), 4 deletions(-)

-- 1.7.1 

--

--
To unsubscribe from this list: send the line "unsubscribe linux-nfs" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

diff --git a/libnfs4acl/acl_nfs4_xattr_load.c b/libnfs4acl/acl_nfs4_xattr_load.c
index 089a139..ced1c95 100644
--- a/libnfs4acl/acl_nfs4_xattr_load.c
+++ b/libnfs4acl/acl_nfs4_xattr_load.c
@@ -139,6 +139,12 @@ struct nfs4_acl * acl_nfs4_xattr_load(char *xattr_v, int xattr_size, u32 is_dir)
 			goto err1;
 		}
 
+		/*wholen should less than xattr_size*/
+		if (wholen > xattr_size) {
+			errno = EINVAL;
+			goto err1;
+		}
+
 		who = (char *) malloc((wholen+1) * sizeof(char));
 		if (who == NULL) {
 			errno = ENOMEM;
diff --git a/libnfs4acl/nfs4_acl_for_path.c b/libnfs4acl/nfs4_acl_for_path.c
index 7461005..577dd1f 100644
--- a/libnfs4acl/nfs4_acl_for_path.c
+++ b/libnfs4acl/nfs4_acl_for_path.c
@@ -92,14 +92,14 @@ static int nfs4_getxattr(const char *path, void *value, size_t size)
 
 	res = getxattr(path, ACL_NFS4_XATTR, value, size);
 	if (res < -10000) {
-		fprintf(stderr,"An internal NFS server error code (%d) was returned; this should never happen.\n",res);
+		fprintf(stderr, "An internal NFS server error code (%d) was returned; this should never happen.\n", res);
 	} else if (res < 0) {
 		if (errno == ENOATTR)
-			fprintf(stderr,"Attribute not found on file.\n");
+			fprintf(stderr, "Attribute not found on file.\n");
 		else if (errno == EREMOTEIO)
-		    fprintf(stderr,"An NFS server error occurred.\n");
+		    fprintf(stderr, "An NFS server error occurred.\n");
 		else if (errno == EOPNOTSUPP)
-			fprintf(stderr,"Operation to request attribute not supported.\n");
+			fprintf(stderr, "Operation to request attribute not supported.\n");
 		else
 			perror("Failed getxattr operation");
 	}