nfsd: fix buffer overrun decoding NFSv4 acl

author J. Bruce Fields <bfields@citi.umich.edu>

Fri, 29 Aug 2008 23:18:45 +0000 (19:18 -0400)

committer J. Bruce Fields <bfields@citi.umich.edu>

Mon, 1 Sep 2008 18:24:24 +0000 (14:24 -0400)
author J. Bruce Fields <bfields@citi.umich.edu>
Fri, 29 Aug 2008 23:18:45 +0000 (19:18 -0400)
committer J. Bruce Fields <bfields@citi.umich.edu>
Mon, 1 Sep 2008 18:24:24 +0000 (14:24 -0400)
diff --git a/fs/nfsd/nfs4acl.c b/fs/nfsd/nfs4acl.c

index b6ed383..54b8b41 100644 (file)
--- a/fs/nfsd/nfs4acl.c
+++ b/fs/nfsd/nfs4acl.c
@@ -443,7 +443,7 @@ init_state(struct posix_acl_state *state, int cnt)
          * enough space for either:
          */
         alloc = sizeof(struct posix_ace_state_array)
-               + cnt*sizeof(struct posix_ace_state);
+               + cnt*sizeof(struct posix_user_ace_state);
         state->users = kzalloc(alloc, GFP_KERNEL);
         if (!state->users)
                 return -ENOMEM;
author	J. Bruce Fields <bfields@citi.umich.edu>
	Fri, 29 Aug 2008 23:18:45 +0000 (19:18 -0400)
committer	J. Bruce Fields <bfields@citi.umich.edu>
	Mon, 1 Sep 2008 18:24:24 +0000 (14:24 -0400)