• David Howells's avatar
    NFS: Check lengths more thoroughly in NFS4 readdir XDR decode · e8896495
    David Howells authored
    Check the bounds of length specifiers more thoroughly in the XDR decoding of
    NFS4 readdir reply data.
    
    Currently, if the server returns a bitmap or attr length that causes the
    current decode point pointer to wrap, this could go undetected (consider a
    small "negative" length on a 32-bit machine).
    
    Also add a check into the main XDR decode handler to make sure that the amount
    of data is a multiple of four bytes (as specified by RFC-1014).  This makes
    sure that we can do u32* pointer subtraction in the NFS client without risking
    an undefined result (the result is undefined if the pointers are not correctly
    aligned with respect to one another).
    Signed-Off-By: default avatarDavid Howells <dhowells@redhat.com>
    Signed-off-by: default avatarTrond Myklebust <Trond.Myklebust@netapp.com>
    (cherry picked from 5861fddd64a7eaf7e8b1a9997455a24e7f688092 commit)
    e8896495
nfs4xdr.c 115 KB