net: nfs: Fix possible buffer overflow

Fork: 0

LuminaSensum / barebox

Browse code net: nfs: Fix possible buffer overflow nfs_readlink_reply() interprets a 32bit value directly received from the network as length argument to memcpy() without any boundary checking. Clamp the copy size at the end of the incoming packet. Signed-off-by: Sascha Hauer <s.hauer@pengutronix.de> WIP_next-LS master next v2020.07.0 v2020.06.0 v2020.05.0 v2020.04.0 v2020.03.0 v2020.02.0 v2020.01.0 v2019.12.0 v2019.11.0 v2019.10.0
1 parent 3dc4502 commit 84986ca024462058574432b5483f4bf9136c538d Sascha Hauer authored on 2 Sep 2019

Browse code

nfs_readlink_reply() interprets a 32bit value directly received from the
network as length argument to memcpy() without any boundary checking.
Clamp the copy size at the end of the incoming packet.

Signed-off-by: Sascha Hauer <s.hauer@pengutronix.de>

WIP_next-LS master next v2020.07.0 v2020.06.0 v2020.05.0 v2020.04.0 v2020.03.0 v2020.02.0 v2020.01.0 v2019.12.0 v2019.11.0 v2019.10.0

1 parent 3dc4502 commit 84986ca024462058574432b5483f4bf9136c538d

Sascha Hauer authored on 2 Sep 2019

Patch

Unified Split

Showing 1 changed file

Ignore Space Show notes View net/nfs.c

Show line notes below