1
linux/fs
J. Bruce Fields 87d26ea777 nfsd: more careful input validation in nfsctl write methods
Neil Brown points out that we're checking buf[size-1] in a couple places
without first checking whether size is zero.

Actually, given the implementation of simple_transaction_get(), buf[-1]
is zero, so in both of these cases the subsequent check of the value of
buf[size-1] will catch this case.

But it seems fragile to depend on that, so add explicit checks for this
case.

Signed-off-by: J. Bruce Fields <bfields@citi.umich.edu>
Acked-by: NeilBrown <neilb@suse.de>
2008-02-01 16:42:15 -05:00
..
9p 9p: use copy of the options value instead of original 2007-11-06 08:02:53 -06:00
adfs
affs
afs vfs: Add 64 bit i_version support 2008-01-28 23:58:27 -05:00
autofs
autofs4
befs
bfs regression: bfs endianness bug 2007-12-05 09:25:20 -08:00
cifs [CIFS] DFS build fixes 2008-01-25 10:12:41 +00:00
coda coda: convert struct class_device to struct device 2008-01-24 20:40:05 -08:00
configfs configfs: file.c fix possible recursive locking 2008-01-25 15:05:47 -08:00
cramfs
debugfs Kobject: convert fs/* from kobject_unregister() to kobject_put() 2008-01-24 20:40:40 -08:00
devpts
dlm dlm: static initialization improvements 2008-01-30 11:04:43 -06:00
ecryptfs [NETNS]: Consolidate kernel netlink socket destruction. 2008-01-28 15:08:07 -08:00
efs
exportfs
ext2 ext2: Fix the max file size for ext2 file system. 2008-01-28 23:58:26 -05:00
ext3 ext3: Fix the max file size for ext3 file system. 2008-01-28 23:58:26 -05:00
ext4 ext4: Use the ext4_ext_actual_len() helper function 2008-01-28 23:58:27 -05:00
fat fat: optimize fat_count_free_clusters() 2008-01-08 16:10:35 -08:00
freevxfs
fuse Kobject: convert fs/* from kobject_unregister() to kobject_put() 2008-01-24 20:40:40 -08:00
gfs2 Merge git://git.kernel.org/pub/scm/linux/kernel/git/steve/gfs2-2.6-nmw 2008-01-25 08:39:18 -08:00
hfs hfs: fix coverity-found null deref 2008-01-17 15:38:58 -08:00
hfsplus
hostfs
hpfs
hppfs
hugetlbfs hugetlb: allow bulk updating in hugetlb_*_quota() 2007-11-14 18:45:40 -08:00
isofs
jbd spinlock: lockbreak cleanup 2008-01-30 13:31:20 +01:00
jbd2 spinlock: lockbreak cleanup 2008-01-30 13:31:20 +01:00
jffs2 Freezer: Fix JFFS2 garbage collector freezing issue (rev. 2) 2007-12-04 01:35:41 -05:00
jfs mount options: fix jfs 2008-01-24 16:13:21 -06:00
lockd lockd: minor log message fix 2008-02-01 16:42:15 -05:00
minix
msdos
ncpfs
nfs svc: Change services to use new svc_create_xprt service 2008-02-01 16:42:09 -05:00
nfs_common
nfsd nfsd: more careful input validation in nfsctl write methods 2008-02-01 16:42:15 -05:00
nls
ntfs NTFS: Fix read regression. 2007-11-03 12:27:21 -07:00
ocfs2 ocfs2: Fix userspace ABI breakage in sysfs 2008-01-28 19:10:23 -08:00
openpromfs [SPARC]: Constify function pointer tables. 2008-01-22 18:29:20 -08:00
partitions Kobject: convert fs/* from kobject_unregister() to kobject_put() 2008-01-24 20:40:40 -08:00
proc Merge branch 'task_killable' of git://git.kernel.org/pub/scm/linux/kernel/git/willy/misc 2008-02-01 11:45:47 +11:00
qnx4
ramfs
reiserfs proc: fix proc_dir_entry refcounting 2007-12-05 09:21:20 -08:00
romfs
smbfs Merge branch 'task_killable' of git://git.kernel.org/pub/scm/linux/kernel/git/willy/misc 2008-02-01 11:45:47 +11:00
sysfs Merge git://git.kernel.org/pub/scm/linux/kernel/git/jejb/scsi-misc-2.6 2008-01-25 17:19:08 -08:00
sysv
udf
ufs ufs: fix nexstep dir block size 2007-12-05 09:21:18 -08:00
vfat
xfs [XFS] fix unaligned access in readdir 2008-01-11 18:05:04 +11:00
aio.c core: remove last users of empty FASTCALL macro 2008-01-30 13:31:17 +01:00
anon_inodes.c
attr.c
bad_inode.c
binfmt_aout.c mm: fix exit_mmap BUG() on a.out binary exit 2007-12-20 07:49:53 -08:00
binfmt_elf_fdpic.c
binfmt_elf.c x86: remove iBCS support 2008-01-30 13:33:32 +01:00
binfmt_em86.c
binfmt_flat.c
binfmt_misc.c
binfmt_script.c
binfmt_som.c
bio.c __bio_clone: don't calculate hw/phys segment counts 2008-01-28 10:04:46 +01:00
block_dev.c Driver core: convert block from raw kobjects to core devices 2008-01-24 20:40:36 -08:00
buffer.c Add buffer head related helper functions 2008-01-28 23:58:26 -05:00
char_dev.c Kobject: rename kobject_init_ng() to kobject_init() 2008-01-24 20:40:38 -08:00
compat_binfmt_elf.c x86: compat_binfmt_elf 2008-01-30 13:31:46 +01:00
compat_ioctl.c remove __attribute_used__ 2008-01-28 23:21:18 +01:00
compat.c security: call security_file_permission from rw_verify_area 2008-01-25 11:29:52 +11:00
dcache.c
dcookies.c
direct-io.c
dnotify.c
dquot.c Don't send quota messages repeatedly when hardlimit reached 2007-12-23 12:54:36 -08:00
drop_caches.c
eventfd.c
eventpoll.c Use wake_up_locked() in eventpoll 2007-12-06 17:07:16 -05:00
exec.c vfs: coredumping fix 2007-11-28 10:58:01 -08:00
fcntl.c
fifo.c
file_table.c
file.c
filesystems.c
fs-writeback.c Revert "writeback: introduce writeback_control.more_io to indicate more io" 2008-01-14 21:21:29 -08:00
generic_acl.c
inode.c ext4: Add inode version support in ext4 2008-01-28 23:58:27 -05:00
inotify_user.c
inotify.c
internal.h
ioctl.c
ioprio.c cfq-iosched: relax IOPRIO_CLASS_IDLE restrictions 2008-01-28 11:38:15 +01:00
Kconfig nfsd: select CONFIG_PROC_FS in nfsv4 and gss server cases 2008-02-01 16:42:04 -05:00
Kconfig.binfmt x86: compat_binfmt_elf Kconfig 2008-01-30 13:31:46 +01:00
libfs.c
locks.c locks: fix possible infinite loop in posix deadlock detection 2007-10-30 09:04:18 -07:00
Makefile x86: compat_binfmt_elf Kconfig 2008-01-30 13:31:46 +01:00
mbcache.c fs: Fix to correct the mbcache entries counter 2007-10-25 15:18:29 -07:00
mpage.c
namei.c Use access mode instead of open flags to determine needed permissions 2008-01-12 14:47:58 -08:00
namespace.c kobject: convert main fs kobject to use kobject_create 2008-01-24 20:40:13 -08:00
nfsctl.c
no-block.c
open.c mark sys_open/sys_read exports unused 2007-11-14 18:45:42 -08:00
pipe.c
pnode.c
pnode.h
posix_acl.c
quota_v1.c
quota_v2.c
quota.c
read_write.c ext4: export iov_shorten from kernel for ext4's use 2008-01-28 23:58:27 -05:00
read_write.h
readdir.c Use mutex_lock_killable in vfs_readdir 2007-12-06 17:39:54 -05:00
select.c
seq_file.c
signalfd.c
splice.c splice: always updated atime in direct splice 2008-02-01 09:26:32 +01:00
stack.c
stat.c
super.c
sync.c
timerfd.c
utimes.c
xattr_acl.c
xattr.c