[PATCH 1 of 3] nfsd4: fix fs locations bounds-checking
From: J. Bruce Fields
Date: Mon Oct 02 2006 - 14:25:36 EST
The comparison here is obviously useless as locations_count is unsigned.
Though fsloc_parse can only be handed data by root, still I'd rather have
some sanity-checking; so set a (generous) maximum number of fslocations to
keep the following kzalloc to a reasonable size.
Signed-off-by: J. Bruce Fields <bfields@xxxxxxxxxxxxxx>
---
fs/nfsd/export.c | 2 +-
include/linux/nfsd/export.h | 3 +++
2 files changed, 4 insertions(+), 1 deletions(-)
diff --git a/fs/nfsd/export.c b/fs/nfsd/export.c
index 7e429ca..71f3655 100644
--- a/fs/nfsd/export.c
+++ b/fs/nfsd/export.c
@@ -418,7 +418,7 @@ fsloc_parse(char **mesg, char *buf, stru
err = get_int(mesg, &fsloc->locations_count);
if (err)
return err;
- if (fsloc->locations_count < 0)
+ if (fsloc->locations_count > MAX_FS_LOCATIONS)
return -EINVAL;
if (fsloc->locations_count == 0)
return 0;
diff --git a/include/linux/nfsd/export.h b/include/linux/nfsd/export.h
index 101fb4c..6e78ea9 100644
--- a/include/linux/nfsd/export.h
+++ b/include/linux/nfsd/export.h
@@ -48,6 +48,9 @@ #ifdef __KERNEL__
/*
* FS Locations
*/
+
+#define MAX_FS_LOCATIONS 128
+
struct nfsd4_fs_location {
char *hosts; /* colon separated list of hosts */
char *path; /* slash separated list of path components */
--
1.4.2.g55c3
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/