linux.git - Linus' kernel tree

diff options

author	Chuck Lever <chuck.lever@oracle.com>	2025-10-16 09:49:56 -0400
committer	Chuck Lever <chuck.lever@oracle.com>	2025-11-10 09:31:52 -0500
commit	c96573c0d75db3f8478000d0d392a9cdb95adbed (patch)
tree	1dddb09e3f2200386113c254a450f98f5e0b5f3e /net/unix/af_unix.c
parent	ff8141e49cf70d2d093a5228f5299ce188de6142 (diff)

NFSD: Never cache a COMPOUND when the SEQUENCE operation fails

RFC 8881 normatively mandates that operations where the initial SEQUENCE operation in a compound fails must not modify the slot's replay cache. nfsd4_cache_this() doesn't prevent such caching. So when SEQUENCE fails, cstate.data_offset is not set, allowing read_bytes_from_xdr_buf() to access uninitialized memory. Reported-by: rtm@csail.mit.edu Closes: https://lore.kernel.org/linux-nfs/c3628d57-94ae-48cf-8c9e-49087a28cec9@oracle.com/T/#t Fixes: 468de9e54a90 ("nfsd41: expand solo sequence check") Reviewed-by: NeilBrown <neil@brown.name> Signed-off-by: Chuck Lever <chuck.lever@oracle.com>

Diffstat (limited to 'net/unix/af_unix.c')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: