linux/net/sunrpc
David Howells e8896495bc NFS: Check lengths more thoroughly in NFS4 readdir XDR decode
Check the bounds of length specifiers more thoroughly in the XDR decoding of
NFS4 readdir reply data.

Currently, if the server returns a bitmap or attr length that causes the
current decode point pointer to wrap, this could go undetected (consider a
small "negative" length on a 32-bit machine).

Also add a check into the main XDR decode handler to make sure that the amount
of data is a multiple of four bytes (as specified by RFC-1014).  This makes
sure that we can do u32* pointer subtraction in the NFS client without risking
an undefined result (the result is undefined if the pointers are not correctly
aligned with respect to one another).

Signed-Off-By: David Howells <dhowells@redhat.com>
Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
(cherry picked from 5861fddd64a7eaf7e8b1a9997455a24e7f688092 commit)
2006-08-24 15:53:34 -04:00
..
auth_gss SUNRPC: Fix dentry refcounting issues with users of rpc_pipefs 2006-08-24 15:50:51 -04:00
auth_null.c NFS: Display the chosen RPCSEC_GSS security flavour in /proc/mounts 2006-06-09 09:34:34 -04:00
auth_unix.c NFS: Display the chosen RPCSEC_GSS security flavour in /proc/mounts 2006-06-09 09:34:34 -04:00
auth.c SUNRPC: Auto-load RPC authentication kernel modules 2006-03-20 13:44:08 -05:00
cache.c [PATCH] knfsd: fix race related problem when adding items to and svcrpc auth cache 2006-08-06 08:57:47 -07:00
clnt.c NFS: Check lengths more thoroughly in NFS4 readdir XDR decode 2006-08-24 15:53:34 -04:00
Makefile [PATCH] RPC: introduce client-side transport switch 2005-09-23 12:38:12 -04:00
pmap_clnt.c Remove obsolete #include <linux/config.h> 2006-06-30 19:25:36 +02:00
rpc_pipe.c SUNRPC: rpc_unlink() must check for unhashed dentries 2006-08-24 15:50:42 -04:00
sched.c [PATCH] mempool: use mempool_create_slab_pool() 2006-03-26 08:57:00 -08:00
socklib.c [NET]: Detect hardware rx checksum faults correctly 2005-11-10 13:01:24 -08:00
stats.c [NET]: Conversions from kmalloc+memset to k(z|c)alloc. 2006-07-21 14:51:30 -07:00
sunrpc_syms.c Remove obsolete #include <linux/config.h> 2006-06-30 19:25:36 +02:00
svc.c [NET]: Conversions from kmalloc+memset to k(z|c)alloc. 2006-07-21 14:51:30 -07:00
svcauth_unix.c [PATCH] knfsd: Tidy up unix_domain_find 2006-03-27 08:44:43 -08:00
svcauth.c [PATCH] knfsd: Change the store of auth_domains to not be a 'cache' 2006-03-27 08:44:41 -08:00
svcsock.c [NET]: Conversions from kmalloc+memset to k(z|c)alloc. 2006-07-21 14:51:30 -07:00
sysctl.c Remove obsolete #include <linux/config.h> 2006-06-30 19:25:36 +02:00
timer.c Linux-2.6.12-rc2 2005-04-16 15:20:36 -07:00
xdr.c This fixes a panic doing the first READDIR or READDIRPLUS call when: 2006-07-05 13:17:12 -04:00
xprt.c RPC: Ensure that we disconnect TCP socket when client requests error out 2006-08-03 16:56:55 -04:00
xprtsock.c RPC: Ensure that we disconnect TCP socket when client requests error out 2006-08-03 16:56:55 -04:00