author | J. Bruce Fields <bfields@citi.umich.edu> | 2010-05-01 12:56:06 -0400 |
---|---|---|
committer | J. Bruce Fields <bfields@citi.umich.edu> | 2010-05-07 19:08:47 -0400 |
commit | 5d4cec2f2fdbb3d830fa014226d0d965df548bad (patch) | |
tree | f5cb399d4fc29aec57e700d2b77731fe68e4a537 | |
parent | 5306293c9cd2caf41849cc909281bda628bb989e (diff) |
nfsd4: fix bare destroy_session null dereference
It's legal to send a DESTROY_SESSION outside any session (as the only
operation in a compound), in which case cstate->session will be NULL;
check for that case.
While we're at it, move these checks into a separate helper function.
Signed-off-by: J. Bruce Fields <bfields@citi.umich.edu>
-rw-r--r-- | fs/nfsd/nfs4state.c | 10 |
1 files changed, 8 insertions, 2 deletions
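--- a/fs/nfsd/nfs4state.c
+++ b/fs/nfsd/nfs4state.c
@@ -1352,6 +1352,13 @@ static bool nfsd4_last_compound_op(struct svc_rqst *rqstp)
 return argp->opcnt == resp->opcnt;
 }
 
+static bool nfsd4_compound_in_session(struct nfsd4_session *session, struct nfs4_sessionid *sid)
+{
+if (!session)
+return 0;
+return !memcmp(sid, &session->se_sessionid, sizeof(*sid));
+}
+
 __be32
 nfsd4_destroy_session(struct svc_rqst *r,
 struct nfsd4_compound_state *cstate,
@@ -1367,8 +1374,7 @@ nfsd4_destroy_session(struct svc_rqst *r,
 * - Do we need to clear any callback info from previous session?
 */
 
-if (!memcmp(&sessionid->sessionid, &cstate->session->se_sessionid,
-sizeof(struct nfs4_sessionid))) {
+if (nfsd4_compound_in_session(cstate->session, &sessionid->sessionid)) {
 if (!nfsd4_last_compound_op(r))
 return nfserr_not_only_op;
 }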
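Review bot: In `nfsd4_compound_in_session()` the NULL-session branch is the whole fix, yet nothing in the code says why NULL is a legal state. A one-line comment such as `/* DESTROY_SESSION may be sent outside any session; cstate->session is then NULL */` would keep a later cleanup from dropping the guard and reintroducing the dereference. The helper is declared `bool`, so `return false;` reads better than `return 0;`. With a NULL session the `nfsd4_last_compound_op()` check in `nfsd4_destroy_session()` is skipped, so the "only operation in a compound" condition from the commit message is presumably enforced elsewhere. The rest of the function lies outside this hunk, so that is worth confirming.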