Commit 7f33b92e authored Sep 17, 2024 by Chuck Lever

NFSD: Prevent a potential integer overflow



If the tag length is >= U32_MAX - 3 then the "length + 4" addition
can result in an integer overflow. Address this by splitting the
decoding into several steps so that decode_cb_compound4res() does
not have to perform arithmetic on the unsafe length value.

Reported-by: Dan Carpenter <dan.carpenter@linaro.org>
Cc: stable@vger.kernel.org
Reviewed-by: Jeff Layton <jlayton@kernel.org>
Signed-off-by: Chuck Lever <chuck.lever@oracle.com>

parent 2d5404ca

Show whitespace changes

Inline Side-by-side

CodeLinaro @codelinaro
mentioned in commit 745f7ce5
· Nov 05, 2025

mentioned in commit 745f7ce5

mentioned in commit 745f7ce5a95e783ba62fe774325829466aec2aa8

Toggle commit list
CodeLinaro @codelinaro
mentioned in commit 084f797d
· Nov 05, 2025

mentioned in commit 084f797d

mentioned in commit 084f797dbc7e52209a4ab6dbc7f0109268754eb9

Toggle commit list

Please to comment