diff options
author | Trond Myklebust <trond.myklebust@hammerspace.com> | 2022-10-18 18:21:14 -0400 |
---|---|---|
committer | Trond Myklebust <trond.myklebust@hammerspace.com> | 2022-11-27 22:09:59 -0500 |
commit | 43c1031f7110967c240cb6e922adcfc4b8899183 (patch) | |
tree | b03042f640eaebcb4c680a7c2d415c1a677ff7b1 | |
parent | c8a62f440229ae7a10874776344dfcc17d860336 (diff) |
NFSv4.2: Fix a memory stomp in decode_attr_security_label
We must not change the value of label->len if it is zero, since that
indicates we stored a label.
Fixes: b4487b935452 ("nfs: Fix getxattr kernel panic and memory overflow")
Signed-off-by: Trond Myklebust <trond.myklebust@hammerspace.com>
-rw-r--r-- | fs/nfs/nfs4xdr.c | 10 |
1 files changed, 4 insertions, 6 deletions
diff --git a/fs/nfs/nfs4xdr.c b/fs/nfs/nfs4xdr.c index 9103e022376a..deec76cf5afe 100644 --- a/fs/nfs/nfs4xdr.c +++ b/fs/nfs/nfs4xdr.c @@ -4236,12 +4236,10 @@ static int decode_attr_security_label(struct xdr_stream *xdr, uint32_t *bitmap, return -EIO; bitmap[2] &= ~FATTR4_WORD2_SECURITY_LABEL; if (len < NFS4_MAXLABELLEN) { - if (label) { - if (label->len) { - if (label->len < len) - return -ERANGE; - memcpy(label->label, p, len); - } + if (label && label->len) { + if (label->len < len) + return -ERANGE; + memcpy(label->label, p, len); label->len = len; label->pi = pi; label->lfs = lfs; |