git.openpandora.org / pandora-kernel.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 433b06a) | patch
NFSv4.1: integer overflow in decode_cb_sequence_args()
authorDan Carpenter <dan.carpenter@oracle.com>
Tue, 12 Jun 2012 07:37:08 +0000 (10:37 +0300)
committerBen Hutchings <ben@decadent.org.uk>
Tue, 10 Sep 2013 00:57:10 +0000 (01:57 +0100)
commit70bea7f2c038f04b5bc2e84f12615f79ed394d13
treef8a885a389d29aa7178f2979768f61d84b0930adtree | snapshot
parent433b06a8f4b04e560c3ad8e13bf60b1fa6186341commit | diff
NFSv4.1: integer overflow in decode_cb_sequence_args()

commit 0439f31c35d1da0b28988b308ea455e38e6a350d upstream.

This seems like it could overflow on 32 bits.  Use kmalloc_array() which
has overflow protection built in.

Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
fs/nfs/callback_xdr.c diff | blob | history
Pandora Kernel Repository