linux.git - Clone of https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

diff options

author	Chuck Lever <chuck.lever@oracle.com>	2024-09-17 12:15:23 -0400
committer	Greg Kroah-Hartman <gregkh@linuxfoundation.org>	2024-12-05 14:03:02 +0100
commit	ccd3394f9a7200d6b088553bf38e688620cd27af (patch)
tree	b72c9248a0213d15f87f4c3c552cb9a3ab687d0b /kernel/workqueue.c
parent	76b9f8cbb1a33d45546677f031eeef2e71c3c6c2 (diff)
download	linux-ccd3394f9a7200d6b088553bf38e688620cd27af.tar.gz linux-ccd3394f9a7200d6b088553bf38e688620cd27af.tar.bz2 linux-ccd3394f9a7200d6b088553bf38e688620cd27af.zip

NFSD: Prevent a potential integer overflow

commit 7f33b92e5b18e904a481e6e208486da43e4dc841 upstream. If the tag length is >= U32_MAX - 3 then the "length + 4" addition can result in an integer overflow. Address this by splitting the decoding into several steps so that decode_cb_compound4res() does not have to perform arithmetic on the unsafe length value. Reported-by: Dan Carpenter <dan.carpenter@linaro.org> Cc: stable@vger.kernel.org Reviewed-by: Jeff Layton <jlayton@kernel.org> Signed-off-by: Chuck Lever <chuck.lever@oracle.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

Diffstat (limited to 'kernel/workqueue.c')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: