linux/fs/nfsd
Chuck Lever fc788f64f1 nfsd: Limit end of page list when decoding NFSv4 WRITE
When processing an NFSv4 WRITE operation, argp->end should never
point past the end of the data in the final page of the page list.
Otherwise, nfsd4_decode_compound can walk into uninitialized memory.

More critical, nfsd4_decode_write is failing to increment argp->pagelen
when it increments argp->pagelist.  This can cause later xdr decoders
to assume more data is available than really is, which can cause server
crashes on malformed requests.

Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
Cc: stable@vger.kernel.org
Signed-off-by: J. Bruce Fields <bfields@redhat.com>
2017-08-24 18:05:30 -04:00
..
Kconfig block: make scsi_request and scsi ioctl support optional 2017-01-31 10:53:05 -07:00
Makefile nfsd: Add a super simple flex file server 2016-07-13 15:40:48 -04:00
acl.h nfsd4: remove nfs4_acl_new 2014-07-08 17:14:27 -04:00
auth.c cred: simpler, 1D supplementary groups 2016-10-07 18:46:30 -07:00
auth.h nfsd: Remove nfsd_luid, nfsd_lgid, nfsd_ruid and nfsd_rgid 2013-02-13 06:15:51 -08:00
blocklayout.c block: Make most scsi_req_init() calls implicit 2017-06-20 19:27:14 -06:00
blocklayoutxdr.c Highlights: 2016-08-04 19:59:06 -04:00
blocklayoutxdr.h nfsd: add SCSI layout support 2016-03-18 11:42:53 -04:00
cache.h nfsd: Remove the cache_hash list 2014-08-17 12:00:12 -04:00
current_stateid.h nfsd4: properly type op_get_currentstateid callbacks 2017-05-15 17:42:27 +02:00
export.c nfsd: namespace-prefix uuid_parse 2017-06-05 16:56:38 +02:00
export.h nfsd: allow nfsd to advertise multiple layout types 2016-07-15 15:31:32 -04:00
fault_inject.c Replace <asm/uaccess.h> with <linux/uaccess.h> globally 2016-12-24 11:46:01 -08:00
flexfilelayout.c nfsd: don't set a FL_LAYOUT lease for flexfiles layouts 2016-09-16 16:15:52 -04:00
flexfilelayoutxdr.c nfsd: Add a super simple flex file server 2016-07-13 15:40:48 -04:00
flexfilelayoutxdr.h nfsd: Add a super simple flex file server 2016-07-13 15:40:48 -04:00
idmap.h nfsd: Remove duplicate define of IDMAP_NAMESZ/IDMAP_TYPE_xx 2015-07-20 14:58:46 -04:00
lockd.c lockd: constify nlmsvc_binding structure 2016-01-07 10:10:50 -05:00
netns.h netns: make struct pernet_operations::id unsigned int 2016-11-18 10:59:15 -05:00
nfs2acl.c sunrpc: mark all struct svc_version instances as const 2017-05-15 17:42:31 +02:00
nfs3acl.c sunrpc: mark all struct svc_version instances as const 2017-05-15 17:42:31 +02:00
nfs3proc.c sunrpc: mark all struct svc_version instances as const 2017-05-15 17:42:31 +02:00
nfs3xdr.c nfsd4: factor ctime into change attribute 2017-07-12 15:55:00 -04:00
nfs4acl.c nfsd: check permissions when setting ACLs 2016-06-24 12:11:52 -04:00
nfs4callback.c nfsd: Fix a memory scribble in the callback channel 2017-07-17 13:15:06 -04:00
nfs4idmap.c nfsd/idmap: return nfserr_inval for 0-length names 2017-02-17 16:25:59 -05:00
nfs4layouts.c driver core patches for 4.11-rc1 2017-02-22 11:44:32 -08:00
nfs4proc.c Linux 4.12-rc5 2017-06-28 13:34:15 -04:00
nfs4recover.c Various bugfixes, a RDMA update from Chuck Lever, and support for a new 2016-03-24 10:41:00 -07:00
nfs4state.c nfsd4: properly type op_func callbacks 2017-05-15 17:42:29 +02:00
nfs4xdr.c nfsd: Limit end of page list when decoding NFSv4 WRITE 2017-08-24 18:05:30 -04:00
nfscache.c lib/vsprintf.c: remove %Z support 2017-02-27 18:43:47 -08:00
nfsctl.c fs: constify tree_descr arrays passed to simple_fill_super() 2017-04-26 23:54:06 -04:00
nfsd.h sunrpc: mark all struct svc_version instances as const 2017-05-15 17:42:31 +02:00
nfsfh.c nfsd: check d_can_lookup in fh_verify of directories 2016-08-04 17:11:48 -04:00
nfsfh.h nfsd4: factor ctime into change attribute 2017-07-12 15:55:00 -04:00
nfsproc.c sunrpc: mark all struct svc_version instances as const 2017-05-15 17:42:31 +02:00
nfssvc.c sunrpc: mark all struct svc_version instances as const 2017-05-15 17:42:31 +02:00
nfsxdr.c Linux 4.12-rc5 2017-06-28 13:34:15 -04:00
pnfs.h nfsd: don't set a FL_LAYOUT lease for flexfiles layouts 2016-09-16 16:15:52 -04:00
state.h nfsd/callback: Cleanup callback cred on shutdown 2017-02-17 16:26:00 -05:00
stats.c drop redundant ->owner initializations 2016-05-29 19:08:00 -04:00
stats.h nfsd: move <linux/nfsd/stats.h> to fs/nfsd 2014-05-06 17:54:55 -04:00
trace.c nfsd: move include of state.h from trace.c to trace.h 2015-10-23 15:57:29 -04:00
trace.h nfsd: add new io class tracepoint 2016-01-14 17:32:51 -05:00
vfs.c Merge branch 'work.read_write' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs 2017-07-05 14:35:57 -07:00
vfs.h statx: Add a system call to make enhanced file info available 2017-03-02 20:51:15 -05:00
xdr.h sunrpc: properly type pc_encode callbacks 2017-05-15 17:42:25 +02:00
xdr3.h sunrpc: properly type pc_encode callbacks 2017-05-15 17:42:25 +02:00
xdr4.h nfsd4: properly type op_func callbacks 2017-05-15 17:42:29 +02:00
xdr4cb.h nfsd: plumb in a CB_NOTIFY_LOCK operation 2016-09-26 15:20:35 -04:00