summaryrefslogtreecommitdiffstats
path: root/security/integrity
diff options
context:
space:
mode:
authorJeff Layton <jlayton@poochiereds.net>2015-07-30 06:57:46 -0400
committerGreg Kroah-Hartman <gregkh@linuxfoundation.org>2015-08-16 20:52:27 -0700
commit1ccdd6c6e9a342c2ed4ced38faa67303226a2a6a (patch)
treeaec2d5ac5a7fccb9d2985d5a940c9a794b0d1e7d /security/integrity
parent3b5c2aed0e5557c6bc4a305e7627a16a764b4cdb (diff)
downloadlinux-stable-1ccdd6c6e9a342c2ed4ced38faa67303226a2a6a.tar.gz
linux-stable-1ccdd6c6e9a342c2ed4ced38faa67303226a2a6a.tar.bz2
linux-stable-1ccdd6c6e9a342c2ed4ced38faa67303226a2a6a.zip
nfsd: do nfs4_check_fh in nfs4_check_file instead of nfs4_check_olstateid
commit 8fcd461db7c09337b6d2e22d25eb411123f379e3 upstream. Currently, preprocess_stateid_op calls nfs4_check_olstateid which verifies that the open stateid corresponds to the current filehandle in the call by calling nfs4_check_fh. If the stateid is a NFS4_DELEG_STID however, then no such check is done. This could cause incorrect enforcement of permissions, because the nfsd_permission() call in nfs4_check_file uses current the current filehandle, but any subsequent IO operation will use the file descriptor in the stateid. Move the call to nfs4_check_fh into nfs4_check_file instead so that it can be done for all stateid types. Signed-off-by: Jeff Layton <jeff.layton@primarydata.com> [bfields: moved fh check to avoid NULL deref in special stateid case] Signed-off-by: J. Bruce Fields <bfields@redhat.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Diffstat (limited to 'security/integrity')
0 files changed, 0 insertions, 0 deletions