diff options
author | Sascha Hauer <s.hauer@pengutronix.de> | 2019-09-02 09:42:15 +0200 |
---|---|---|
committer | Sascha Hauer <s.hauer@pengutronix.de> | 2019-09-02 09:42:45 +0200 |
commit | 84986ca024462058574432b5483f4bf9136c538d (patch) | |
tree | aa618622e32e209fbe66fabaa95780e322cfb343 /fs/nfs.c | |
parent | 3dc45020a9dd75af628bc0eca07465b2a4c7378f (diff) | |
download | barebox-84986ca024462058574432b5483f4bf9136c538d.tar.gz barebox-84986ca024462058574432b5483f4bf9136c538d.tar.xz |
net: nfs: Fix possible buffer overflow
nfs_readlink_reply() interprets a 32bit value directly received from the
network as length argument to memcpy() without any boundary checking.
Clamp the copy size at the end of the incoming packet.
Signed-off-by: Sascha Hauer <s.hauer@pengutronix.de>
Diffstat (limited to 'fs/nfs.c')
0 files changed, 0 insertions, 0 deletions