authorJ. Bruce Fields <bfields@citi.umich.edu>2010-05-01 12:56:06 -0400
committerJ. Bruce Fields <bfields@citi.umich.edu>2010-05-07 19:08:47 -0400
commit5d4cec2f2fdbb3d830fa014226d0d965df548bad (patch)
treef5cb399d4fc29aec57e700d2b77731fe68e4a537
parent5306293c9cd2caf41849cc909281bda628bb989e (diff)
nfsd4: fix bare destroy_session null dereference
It's legal to send a DESTROY_SESSION outside any session (as the only operation in a compound), in which case cstate->session will be NULL; check for that case. While we're at it, move these checks into a separate helper function. Signed-off-by: J. Bruce Fields <bfields@citi.umich.edu>
-rw-r--r--fs/nfsd/nfs4state.c10
1 files changed, 8 insertions, 2 deletions
diff --git a/fs/nfsd/nfs4state.c b/fs/nfsd/nfs4state.c
index f05a3276ba6b..835d6cef9ae9 100644
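--- a/fs/nfsd/nfs4state.c
+++ b/fs/nfsd/nfs4state.c
@@ -1352,6 +1352,13 @@ static bool nfsd4_last_compound_op(struct svc_rqst *rqstp)
  return argp->opcnt == resp->opcnt;
 }
 
+static bool nfsd4_compound_in_session(struct nfsd4_session *session, struct nfs4_sessionid *sid)
+{
+ if (!session)
+ return 0;
+ return !memcmp(sid, &session->se_sessionid, sizeof(*sid));
+}
+
 __be32
 nfsd4_destroy_session(struct svc_rqst *r,
  struct nfsd4_compound_state *cstate,
@@ -1367,8 +1374,7 @@ nfsd4_destroy_session(struct svc_rqst *r,
  * - Do we need to clear any callback info from previous session?
  */
 
- if (!memcmp(&sessionid->sessionid, &cstate->session->se_sessionid,
- sizeof(struct nfs4_sessionid))) {
+ if (nfsd4_compound_in_session(cstate->session, &sessionid->sessionid)) {
  if (!nfsd4_last_compound_op(r))
  return nfserr_not_only_op;
  }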
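Review bot: With a NULL `cstate->session` now falling through the `nfsd4_compound_in_session()` test, a bare DESTROY_SESSION reaches the rest of nfsd4_destroy_session, which lies outside this hunk. It is worth confirming that nothing further down still reads `cstate->session`, and that the session named by `sessionid` is only torn down for a caller entitled to it, since the request is no longer tied to that session. The helper folds "no session" and "different session" into one false result; a comment above it such as `/* False for a bare DESTROY_SESSION (no session) or a sessionid naming another session. */` would record that this is intentional. As the helper is declared `bool`, `return false;` reads better than `return 0;`.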