[3.8.y.z extended stable] Patch "nfsd4: buffer-length check for SUPPATTR_EXCLCREAT" has been added to staging queue

[Kamal Mostafa]

This is a note to let you know that I have just added a patch titled

    nfsd4: buffer-length check for SUPPATTR_EXCLCREAT

to the linux-3.8.y-queue branch of the 3.8.y.z extended stable tree 
which can be found at:

 http://kernel.ubuntu.com/git?p=ubuntu/linux.git;a=shortlog;h=refs/heads/linux-3.8.y-queue

This patch is scheduled to be released in version 3.8.13.22.

If you, or anyone else, feels it should not be added to this tree, please 
reply to this email.

For more information about the 3.8.y.z tree, see
https://wiki.ubuntu.com/Kernel/Dev/ExtendedStable

Thanks.
-Kamal

------

>From c870d6cf37fbad7958361d58966b388a0148e9a7 Mon Sep 17 00:00:00 2001
From: "J. Bruce Fields" <bfields at redhat.com>
Date: Tue, 28 Jan 2014 16:05:15 -0500
Subject: nfsd4: buffer-length check for SUPPATTR_EXCLCREAT

commit de3997a7eeb9ea286b15879fdf8a95aae065b4f7 upstream.

This was an omission from 8c18f2052e756e7d5dea712fc6e7ed70c00e8a39
"nfsd41: SUPPATTR_EXCLCREAT attribute".

Cc: Benny Halevy <bhalevy at primarydata.com>
Signed-off-by: J. Bruce Fields <bfields at redhat.com>
Signed-off-by: Kamal Mostafa <kamal at canonical.com>
---
 fs/nfsd/nfs4xdr.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/fs/nfsd/nfs4xdr.c b/fs/nfsd/nfs4xdr.c
index 3ed8550..b2d4e3d 100644
--- a/fs/nfsd/nfs4xdr.c
+++ b/fs/nfsd/nfs4xdr.c
@@ -2416,6 +2416,8 @@ out_acl:
 		WRITE64(stat.ino);
 	}
 	if (bmval2 & FATTR4_WORD2_SUPPATTR_EXCLCREAT) {
+		if ((buflen -= 16) < 0)
+			goto out_resource;
 		WRITE32(3);
 		WRITE32(NFSD_SUPPATTR_EXCLCREAT_WORD0);
 		WRITE32(NFSD_SUPPATTR_EXCLCREAT_WORD1);
--
1.9.1