From: J. Bruce Fields
Date: Fri, 21 Apr 2017 19:26:30 +0000 (-0400)
Subject: nfsd: stricter decoding of write-like NFSv2/v3 ops
X-Git-Tag: v3.2.89~9
X-Git-Url: http://git.openpandora.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=6b9ba0c00cb068a50a409bbdc7cfbe473f1c01a3;p=pandora-kernel.git

nfsd: stricter decoding of write-like NFSv2/v3 ops

commit 13bf9fbff0e5e099e2b6f003a0ab8ae145436309 upstream.

The NFSv2/v3 code does not systematically check whether we decode past
the end of the buffer. This generally appears to be harmless, but there
are a few places where we do arithmetic on the pointers involved and
don't account for the possibility that a length could be negative. Add
checks to catch these.

Reported-by: Tuomas Haanpää
Reported-by: Ari Kauppi
Reviewed-by: NeilBrown
Signed-off-by: J. Bruce Fields
Signed-off-by: Ben Hutchings
---
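A user-space model of the arithmetic hazard the commit message describes, added here as an illustration; it is not the patch or the kernel's own code. The `struct arg_buf` type, `FIXED_BYTES`, the 12-byte field layout and the sample requests are assumptions constructed for the example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
/* Hypothetical model of a received argument buffer (not the kernel's types). */
struct arg_buf {
    const uint8_t *head; /* first fragment, holds the fixed fields */
    size_t head_len;     /* bytes actually received in head */
    size_t page_len;     /* payload bytes held in further pages */
};
#define FIXED_BYTES 12u  /* assumed layout: offset, count, length words */

/* Constructed samples: a full header, and one truncated before its length word. */
static const uint8_t full_hdr[12] = {0,0,0,0, 0,0,0,4, 0,0,0,4};
static const uint8_t short_hdr[8] = {0,0,0,0, 0,0,16,0};
static const struct arg_buf full_req = { full_hdr, 12, 4 };
static const struct arg_buf short_req = { short_hdr, 8, 0 };

/* Unchecked: bytes believed to remain; negative if fewer than FIXED_BYTES arrived. */
long remaining_unchecked(const struct arg_buf *a)
{
    return (long)a->head_len + (long)a->page_len - (long)FIXED_BYTES;
}

/* Flawed test: the negative remainder converts to a huge unsigned value, so
 * any claimed length appears to fit. Returns 1 when the request is accepted. */
int accepts_unchecked(const struct arg_buf *a, uint32_t claimed)
{
    return claimed <= (size_t)remaining_unchecked(a);
}

/* Checked decode: returns the payload length, or -1 to reject the request. */
long decode_checked(const struct arg_buf *a)
{
    uint32_t len;
    if (a->head_len < FIXED_BYTES)   /* decoding would pass the end of head */
        return -1;
    len = (uint32_t)a->head[8] << 24 | (uint32_t)a->head[9] << 16 |
          (uint32_t)a->head[10] << 8 | a->head[11];
    if (len > a->head_len - FIXED_BYTES + a->page_len)
        return -1;                   /* claimed payload is not present */
    return (long)len;
}

int main(void)
{
    printf("truncated: unchecked=%d checked=%ld\n",
           accepts_unchecked(&short_req, 4096), decode_checked(&short_req));
    return decode_checked(&full_req) == 4 ? 0 : 1;
}
```

The bounds test on `head_len` has to run before any subtraction, because once the remainder has been computed and converted to an unsigned type the later length comparison can no longer detect the truncation.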