1From 741a8a08ebe5bc3ccfe3cde6c2b44ee53891af21 Mon Sep 17 00:00:00 2001
2From: "liucheng (G)" <liucheng32@huawei.com>
3Date: Thu, 29 Aug 2019 13:47:40 +0000
4Subject: [PATCH] CVE: nfs: fix stack-based buffer overflow in some nfs_handler
5 reply helper functions
6MIME-Version: 1.0
7Content-Type: text/plain; charset=utf8
8Content-Transfer-Encoding: 8bit
9
10This patch adds a check to nfs_handler to fix buffer overflow for CVE-2019-14197,
11CVE-2019-14200, CVE-2019-14201, CVE-2019-14202, CVE-2019-14203 and CVE-2019-14204.
12
13Signed-off-by: Cheng Liu <liucheng32@huawei.com>
14Reported-by: FermÃn Serna <fermin@semmle.com>
15Acked-by: Joe Hershberger <joe.hershberger@ni.com>
16---
17 net/nfs.c | 3 +++
18 1 file changed, 3 insertions(+)
19
20diff --git a/net/nfs.c b/net/nfs.c
21index d6a7f8e..b7cf3b3 100644
22--- a/net/nfs.c
23+++ b/net/nfs.c
24@@ -732,6 +732,9 @@ static void nfs_handler(uchar *pkt, unsigned dest, struct in_addr sip,
25
26 debug("%s\n", __func__);
27
28+ if (len > sizeof(struct rpc_t))
29+ return;
30+
31 if (dest != nfs_our_port)
32 return;
33
34--
351.9.1
36
37
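Review bot: The added guard `if (len > sizeof(struct rpc_t)) return;` caps the packet length but sets no lower bound, so a truncated reply still reaches the reply helpers named in the commit subject. Those helpers are outside this hunk, so whether they parse header fields beyond `len` has to be confirmed there; if they do, a minimum-size check belongs next to this one. The guard also has no comment tying it to the copy it protects, and assuming the helpers copy `len` bytes of `pkt` into a stack `struct rpc_t`, a line such as `/* reply helpers copy len bytes into a stack struct rpc_t; drop anything larger */` would keep it from being moved or removed later. A `debug()` call on the drop path would make oversized replies visible during triage instead of silently discarded. nfs_handler's signature and body both continue outside the hunk, so the type of `len` is not visible here.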