diff options
| author | J. Bruce Fields <bfields@redhat.com> | 2014-10-22 14:46:29 -0400 |
|---|---|---|
| committer | J. Bruce Fields <bfields@redhat.com> | 2014-10-23 13:39:51 -0400 |
| commit | 51904b08072a8bf2b9ed74d1bd7a5300a614471d (patch) | |
| tree | 13b33ba3eaa53d81fd8090d36d57fc85be330e10 | |
| parent | d1d84c9626bb3a519863b3ffc40d347166f9fb83 (diff) | |
nfsd4: fix crash on unknown operation number
Unknown operation numbers are caught in nfsd4_decode_compound() which
sets op->opnum to OP_ILLEGAL and op->status to nfserr_op_illegal. The
error causes the main loop in nfsd4_proc_compound() to skip most
processing. But nfsd4_proc_compound also peeks ahead at the next
operation in one case and doesn't take similar precautions there.
Cc: stable@vger.kernel.org
Signed-off-by: J. Bruce Fields <bfields@redhat.com>
| -rw-r--r-- | fs/nfsd/nfs4proc.c | 3 |
1 files changed, 2 insertions, 1 deletions
diff --git a/fs/nfsd/nfs4proc.c b/fs/nfsd/nfs4proc.c index f4bd578bed55..0beb023f25ac 100644 --- a/fs/nfsd/nfs4proc.c +++ b/fs/nfsd/nfs4proc.c | |||
| @@ -1272,7 +1272,8 @@ static bool need_wrongsec_check(struct svc_rqst *rqstp) | |||
| 1272 | */ | 1272 | */ |
| 1273 | if (argp->opcnt == resp->opcnt) | 1273 | if (argp->opcnt == resp->opcnt) |
| 1274 | return false; | 1274 | return false; |
| 1275 | 1275 | if (next->opnum == OP_ILLEGAL) | |
| 1276 | return false; | ||
| 1276 | nextd = OPDESC(next); | 1277 | nextd = OPDESC(next); |
| 1277 | /* | 1278 | /* |
| 1278 | * Rest of 2.6.3.1.1: certain operations will return WRONGSEC | 1279 | * Rest of 2.6.3.1.1: certain operations will return WRONGSEC |