tjh.dev
Linux kernel mirror (for testing)
git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
kernel
os
linux
NFSD: Full checking of authentication name
Signed-off-by: Kinglong Mee <kinglongmee@gmail.com>
Signed-off-by: J. Bruce Fields <bfields@redhat.com>
authored by
Kinglong Mee
and committed by
J. Bruce Fields
13c82e8e
48c348b0
+5
-9
+5
-9
fs/nfsd/nfs4idmap.c
+5
-9
fs/nfsd/nfs4idmap.c
···
215
215
memset(&ent, 0, sizeof(ent));
216
216
217
217
/* Authentication name */
218
-
if (qword_get(&buf, buf1, PAGE_SIZE) <= 0)
218
+
len = qword_get(&buf, buf1, PAGE_SIZE);
219
+
if (len <= 0 || len >= IDMAP_NAMESZ)
219
220
goto out;
220
221
memcpy(ent.authname, buf1, sizeof(ent.authname));
221
222
···
246
245
/* Name */
247
246
error = -EINVAL;
248
247
len = qword_get(&buf, buf1, PAGE_SIZE);
249
-
if (len < 0)
248
+
if (len < 0 || len >= IDMAP_NAMESZ)
250
249
goto out;
251
250
if (len == 0)
252
251
set_bit(CACHE_NEGATIVE, &ent.h.flags);
253
-
else if (len >= IDMAP_NAMESZ)
254
-
goto out;
255
252
else
256
253
memcpy(ent.name, buf1, sizeof(ent.name));
257
254
error = -ENOMEM;
···
258
259
goto out;
259
260
260
261
cache_put(&res->h, cd);
261
-
262
262
error = 0;
263
263
out:
264
264
kfree(buf1);
265
-
266
265
return error;
267
266
}
268
-
269
267
270
268
static struct ent *
271
269
idtoname_lookup(struct cache_detail *cd, struct ent *item)
···
377
381
memset(&ent, 0, sizeof(ent));
378
382
379
383
/* Authentication name */
380
-
if (qword_get(&buf, buf1, PAGE_SIZE) <= 0)
384
+
len = qword_get(&buf, buf1, PAGE_SIZE);
385
+
if (len <= 0 || len >= IDMAP_NAMESZ)
381
386
goto out;
382
387
memcpy(ent.authname, buf1, sizeof(ent.authname));
383
388
···
418
421
error = 0;
419
422
out:
420
423
kfree(buf1);
421
-
422
424
return (error);
423
425
}
424
426