There is a potential for integer overflows in svcxdr_dupstr()
and svcxdr_tmpalloc() and XDR_QUADLEN(). I believe the fixing the
overflow in XDR_QUADLEN() would fix the bug, but it's safer to be
more thourough.
Dan Carpenter (2):
SUNRPC: prevent integer overflow in XDR_QUADLEN()
NFSD: harden svcxdr_dupstr() and svcxdr_tmpalloc() against integer
overflows
fs/nfsd/nfs4xdr.c | 12 ++++++------
include/linux/sunrpc/xdr.h | 3 ++-
2 files changed, 8 insertions(+), 7 deletions(-)
--
2.43.0