[PATCH 0/3] [CVE-2012-2375] [ONEIRIC] [NATTY] More NFS ACL boundry checking

Brad Figg brad.figg at canonical.com
Thu May 31 16:28:39 UTC 2012

The fix for CVE-2011-4131 was not complete. Malicious NFS server could still
crash the clients when more than 2 GETATTR bitmap words are returned in
response to the FATTR4_ACL attribute request.

Sachin Prabhu (2):
  Avoid reading past buffer when calling GETACL
  Avoid beyond bounds copy while caching ACL

 fs/nfs/nfs4proc.c |   28 +++++++++++++++-------------
 fs/nfs/nfs4xdr.c  |   18 +++++++++++-------
 2 files changed, 26 insertions(+), 20 deletions(-)


More information about the kernel-team mailing list