    NFS4: avoid underflow when converting error to pointer. · 62d98c93
    NeilBrown authored
    In nfs4_create_sec_client, 'flavor' can hold a negative error
    code (returned from nfs4_negotiate_security), even though it
    is an 'enum' and hence unsigned.
    
    The code is careful to cast it to an (int) before testing if it
    is negative, however it doesn't cast to an (int) before calling
    ERR_PTR.
    
    On a machine where "void*" is larger than "int", this results in
    the unsigned equivalent of -1 (e.g. 0xffffffff) being converted
    to a pointer.  Subsequent code determines that this is not
    negative, and so dereferences it with predictable results.
    
    So: cast 'flavor' to a (signed) int before passing to ERR_PTR.
    
    cc: Benny Halevy <bhalevy@tonian.com>
    Signed-off-by: NeilBrown <neilb@suse.de>
    Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
nfs4namespace.c 9.38 KB
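
The zero-extension versus sign-extension difference described in the commit message, reproduced in userspace as an added example (not code from this commit or the kernel tree). The `ERR_PTR`/`PTR_ERR`/`IS_ERR` helpers are modelled on the kernel's `include/linux/err.h`; `demo_flavor`, `demo_negotiate`, `to_ptr_unfixed` and `to_ptr_fixed` are hypothetical names, and the example assumes a compiler that gives the enum an unsigned representation, as GCC does.

```c
#include <stdio.h>

/* Userspace models of the helpers in the kernel's include/linux/err.h. */
#define MAX_ERRNO 4095
#define IS_ERR_VALUE(x) ((unsigned long)(void *)(x) >= (unsigned long)-MAX_ERRNO)

static void *ERR_PTR(long error) { return (void *)error; }
static long PTR_ERR(const void *ptr) { return (long)ptr; }
static int IS_ERR(const void *ptr) { return IS_ERR_VALUE((unsigned long)ptr); }

/* Hypothetical stand-in for the flavor enum. With no negative enumerators,
 * GCC gives it an unsigned representation the size of an int (assumption). */
enum demo_flavor { DEMO_FLAVOR_NULL = 0, DEMO_FLAVOR_UNIX = 1 };

/* Hypothetical stand-in for a negotiation routine that hands back either a
 * flavor or a negative errno through the enum type. */
static enum demo_flavor demo_negotiate(int err)
{
	return (enum demo_flavor)err;
}

/* Before the fix: the unsigned enum value widens to long by zero-extension. */
static void *to_ptr_unfixed(enum demo_flavor flavor)
{
	return ERR_PTR(flavor);
}

/* After the fix: cast to a signed int first, so the widening sign-extends. */
static void *to_ptr_fixed(enum demo_flavor flavor)
{
	return ERR_PTR((int)flavor);
}

int main(void)
{
	enum demo_flavor flavor = demo_negotiate(-13); /* constructed error value */

	if ((int)flavor < 0) { /* the check that already cast to (int) */
		void *bad = to_ptr_unfixed(flavor);
		void *good = to_ptr_fixed(flavor);

		printf("unfixed: %p IS_ERR=%d\n", bad, IS_ERR(bad));
		printf("fixed:   %p IS_ERR=%d PTR_ERR=%ld\n",
		       good, IS_ERR(good), PTR_ERR(good));
	}
	return 0;
}
```

Where `void *` and `int` are the same width, both conversions produce the same pointer and the difference does not show.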