fs: nfs: Fix possible buffer overflow

Fork: 0

LuminaSensum / barebox

Browse code fs: nfs: Fix possible buffer overflow nfs_readlink_req() interprets a 32bit value directly received from the network as length argument to memcpy() without any boundary checking. Clamp the copy size at the end of the incoming packet. Signed-off-by: Sascha Hauer <s.hauer@pengutronix.de> WIP_next-LS master next v2020.07.0 v2020.06.0 v2020.05.0 v2020.04.0 v2020.03.0 v2020.02.0 v2020.01.0 v2019.12.0 v2019.11.0 v2019.10.0
1 parent 84986ca commit 574ce994016107ad8ab0f845a785f28d7eaa5208 Sascha Hauer authored on 2 Sep 2019

Browse code

nfs_readlink_req() interprets a 32bit value directly received from the
network as length argument to memcpy() without any boundary checking.
Clamp the copy size at the end of the incoming packet.

Signed-off-by: Sascha Hauer <s.hauer@pengutronix.de>

WIP_next-LS master next v2020.07.0 v2020.06.0 v2020.05.0 v2020.04.0 v2020.03.0 v2020.02.0 v2020.01.0 v2019.12.0 v2019.11.0 v2019.10.0

1 parent 84986ca commit 574ce994016107ad8ab0f845a785f28d7eaa5208

Sascha Hauer authored on 2 Sep 2019

Patch

Unified Split

Showing 1 changed file

Ignore Space Show notes View fs/nfs.c

Show line notes below