forked from luck/tmp_suning_uos_patched
e8896495bc
Check the bounds of length specifiers more thoroughly in the XDR decoding of NFS4 readdir reply data. Currently, if the server returns a bitmap or attr length that causes the current decode point pointer to wrap, this could go undetected (consider a small "negative" length on a 32-bit machine). Also add a check into the main XDR decode handler to make sure that the amount of data is a multiple of four bytes (as specified by RFC-1014). This makes sure that we can do u32* pointer subtraction in the NFS client without risking an undefined result (the result is undefined if the pointers are not correctly aligned with respect to one another). Signed-Off-By: David Howells <dhowells@redhat.com> Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com> (cherry picked from 5861fddd64a7eaf7e8b1a9997455a24e7f688092 commit) |
||
---|---|---|
.. | ||
auth_gss | ||
auth_null.c | ||
auth_unix.c | ||
auth.c | ||
cache.c | ||
clnt.c | ||
Makefile | ||
pmap_clnt.c | ||
rpc_pipe.c | ||
sched.c | ||
socklib.c | ||
stats.c | ||
sunrpc_syms.c | ||
svc.c | ||
svcauth_unix.c | ||
svcauth.c | ||
svcsock.c | ||
sysctl.c | ||
timer.c | ||
xdr.c | ||
xprt.c | ||
xprtsock.c |