diff options
| author | J. Bruce Fields <bfields@redhat.com> | 2014-03-11 17:58:57 -0400 |
|---|---|---|
| committer | J. Bruce Fields <bfields@redhat.com> | 2014-05-30 17:31:59 -0400 |
| commit | 89ff884ebbd0a667253dd61ade8a0e70b787c84a (patch) | |
| tree | 83e49e034c99c8821fafa064e033837c46c15f82 | |
| parent | 6ff9897d2bcf4036dfd139caeddd6f0a51c9ca06 (diff) | |
nfsd4: nfsd4_check_resp_size should check against whole buffer
Signed-off-by: J. Bruce Fields <bfields@redhat.com>
| -rw-r--r-- | fs/nfsd/nfs4xdr.c | 3 |
1 files changed, 1 insertions, 2 deletions
diff --git a/fs/nfsd/nfs4xdr.c b/fs/nfsd/nfs4xdr.c index 8ce6c8d5ee8a..0eeba2199c8c 100644 --- a/fs/nfsd/nfs4xdr.c +++ b/fs/nfsd/nfs4xdr.c | |||
| @@ -3762,7 +3762,6 @@ __be32 nfsd4_check_resp_size(struct nfsd4_compoundres *resp, u32 respsize) | |||
| 3762 | { | 3762 | { |
| 3763 | struct xdr_buf *buf = &resp->rqstp->rq_res; | 3763 | struct xdr_buf *buf = &resp->rqstp->rq_res; |
| 3764 | struct nfsd4_session *session = resp->cstate.session; | 3764 | struct nfsd4_session *session = resp->cstate.session; |
| 3765 | int slack_bytes = (char *)resp->xdr.end - (char *)resp->xdr.p; | ||
| 3766 | 3765 | ||
| 3767 | if (nfsd4_has_session(&resp->cstate)) { | 3766 | if (nfsd4_has_session(&resp->cstate)) { |
| 3768 | struct nfsd4_slot *slot = resp->cstate.slot; | 3767 | struct nfsd4_slot *slot = resp->cstate.slot; |
| @@ -3775,7 +3774,7 @@ __be32 nfsd4_check_resp_size(struct nfsd4_compoundres *resp, u32 respsize) | |||
| 3775 | return nfserr_rep_too_big_to_cache; | 3774 | return nfserr_rep_too_big_to_cache; |
| 3776 | } | 3775 | } |
| 3777 | 3776 | ||
| 3778 | if (respsize > slack_bytes) { | 3777 | if (buf->len + respsize > buf->buflen) { |
| 3779 | WARN_ON_ONCE(nfsd4_has_session(&resp->cstate)); | 3778 | WARN_ON_ONCE(nfsd4_has_session(&resp->cstate)); |
| 3780 | return nfserr_resource; | 3779 | return nfserr_resource; |
| 3781 | } | 3780 | } |