nfsd: fix buffer overrun decoding NFSv4 acl

commit 91b80969 upstream The array we kmalloc() here is not large enough. Thanks to Johann Dahm and David Richter for bug report and testing. Signed-off-by: J. Bruce Fields <bfields@citi.umich.edu> Cc: David Richter <richterd@citi.umich.edu> Tested-by: Johann Dahm <jdahm@umich.edu> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>

nfsd: fix buffer overrun decoding NFSv4 acl
commit 91b80969 upstream The array we kmalloc() here is not large enough. Thanks to Johann Dahm and David Richter for bug report and testing. Signed-off-by: J. Bruce Fields <bfields@citi.umich.edu> Cc: David Richter <richterd@citi.umich.edu> Tested-by: Johann Dahm <jdahm@umich.edu> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
ee69675a · J. Bruce Fields · Greg Kroah-Hartman · 94d5272a · ee69675a
Commit ee69675a authored Sep 01, 2008 by J. Bruce Fields Committed by Greg Kroah-Hartman Sep 08, 2008
Hide whitespace changes
Inline Side-by-side

Showing with 1 addition and 1 deletion

fs/nfsd/nfs4acl.c fs/nfsd/nfs4acl.c +1 -1

No files found.
--- a/fs/nfsd/nfs4acl.c
+++ b/fs/nfsd/nfs4acl.c
@@ -443,7 +443,7 @@ init_state(struct posix_acl_state *state, int cnt)
 	 * enough space for either:
 	 */
 	alloc = sizeof(struct posix_ace_state_array)
-		+ cnt*sizeof(struct posix_ace_state);
+		+ cnt*sizeof(struct posix_user_ace_state);
 	state->users = kzalloc(alloc, GFP_KERNEL);
 	if (!state->users)
 		return -ENOMEM;