linux/fs/nfsd
Kinglong Mee f98bac5a30 NFSD: Fix crash encoding lock reply on 32-bit
Commit 8c7424cff6 "nfsd4: don't try to encode conflicting owner if low
on space" forgot to free conf->data in nfsd4_encode_lockt and before
sign conf->data to NULL in nfsd4_encode_lock_denied, causing a leak.

Worse, kfree() can be called on an uninitialized pointer in the case of
a succesful lock (or one that fails for a reason other than a conflict).

(Note that lock->lk_denied.ld_owner.data appears it should be zero here,
until you notice that it's one arm of a union the other arm of which is
written to in the succesful case by the

	memcpy(&lock->lk_resp_stateid, &lock_stp->st_stid.sc_stateid,
	                                sizeof(stateid_t));

in nfsd4_lock().  In the 32-bit case this overwrites ld_owner.data.)

Signed-off-by: Kinglong Mee <kinglongmee@gmail.com>
Fixes: 8c7424cff6 ""nfsd4: don't try to encode conflicting owner if low on space"
Signed-off-by: J. Bruce Fields <bfields@redhat.com>
2014-07-23 10:31:56 -04:00
..
Kconfig nfsd: fix Kconfig syntax 2013-10-26 15:37:26 -04:00
Makefile
acl.h nfsd4: use xdr_reserve_space in attribute encoding 2014-05-28 14:52:34 -04:00
auth.c NFSD: Cleanup unused variable in nfsd_setuser() 2014-05-30 17:32:21 -04:00
auth.h
cache.h nfsd: get rid of unused function definition 2014-01-02 17:53:23 -05:00
current_stateid.h
export.c NFSD: Error out when getting more than one fsloc/secinfo/uuid 2014-05-30 17:32:25 -04:00
export.h NFSD: Using type of uint32_t for ex_nflavors instead of int 2014-05-30 17:32:24 -04:00
fault_inject.c NFSD: Use simple_read_from_buffer for coping data to userspace 2014-05-08 14:59:52 -04:00
idmap.h nfsd4: use xdr_reserve_space in attribute encoding 2014-05-28 14:52:34 -04:00
lockd.c
netns.h NFSD: Don't start lockd when only NFSv4 is running 2014-01-03 18:18:50 -05:00
nfs2acl.c nfsd: Remove assignments inside conditions 2014-05-22 15:52:23 -04:00
nfs3acl.c nfsd: Remove assignments inside conditions 2014-05-22 15:52:23 -04:00
nfs3proc.c
nfs3xdr.c nfsd: Remove assignments inside conditions 2014-05-22 15:52:23 -04:00
nfs4acl.c nfsd4: use xdr_reserve_space in attribute encoding 2014-05-28 14:52:34 -04:00
nfs4callback.c nfsd: set timeparms.to_maxval in setup_callback_client 2014-04-18 14:34:31 +02:00
nfs4idmap.c nfsd4: use xdr_reserve_space in attribute encoding 2014-05-28 14:52:34 -04:00
nfs4proc.c nfsd: fix rare symlink decoding bug 2014-06-27 16:10:46 -04:00
nfs4recover.c
nfs4state.c NFSD: Don't hand out delegations for 30 seconds after recalling them. 2014-06-17 16:42:47 -04:00
nfs4xdr.c NFSD: Fix crash encoding lock reply on 32-bit 2014-07-23 10:31:56 -04:00
nfscache.c nfsd: don't halt scanning the DRC LRU list when there's an RC_INPROG entry 2014-06-06 19:22:49 -04:00
nfsctl.c NFSD: Get rid of empty function nfs4_state_init 2014-05-08 14:59:52 -04:00
nfsd.h NFSD: Get rid of empty function nfs4_state_init 2014-05-08 14:59:52 -04:00
nfsfh.c SUNRPC/NFSD: Remove using of dprintk with KERN_WARNING 2014-05-30 20:25:28 -04:00
nfsfh.h nfsd: remove <linux/nfsd/nfsfh.h> 2014-05-06 17:54:53 -04:00
nfsproc.c
nfssvc.c nfsd: Only set PF_LESS_THROTTLE when really needed. 2014-05-22 15:59:19 -04:00
nfsxdr.c nfsd: Remove assignments inside conditions 2014-05-22 15:52:23 -04:00
state.h nfsd4: allow larger 4.1 session drc slots 2014-05-23 09:03:41 -04:00
stats.c nfsd: move <linux/nfsd/stats.h> to fs/nfsd 2014-05-06 17:54:55 -04:00
stats.h nfsd: move <linux/nfsd/stats.h> to fs/nfsd 2014-05-06 17:54:55 -04:00
vfs.c nfsd: remove unused function nfsd_read_file 2014-05-30 17:32:27 -04:00
vfs.h nfsd: remove unused function nfsd_read_file 2014-05-30 17:32:27 -04:00
xdr.h
xdr3.h nfsd: fix encode_entryplus_baggage stack usage 2014-01-23 13:50:27 -05:00
xdr4.h nfsd4: allow large readdirs 2014-05-30 17:32:03 -04:00
xdr4cb.h