NFS: Let xdr_read_pages() check for buffer overflows

xdr_read_pages will already do all of the buffer overflow checks that are currently being open-coded in the various callers. This patch simplifies the existing code by replacing the open coded checks. Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
author: Trond Myklebust <Trond.Myklebust@netapp.com> 2012-06-20 22:35:05 -0400
committer: Trond Myklebust <Trond.Myklebust@netapp.com> 2012-06-28 17:20:43 -0400
commit: 64bd577ea0021f5903505de061b3b7d8a785ee94 (patch)
tree: 7081480d903325bb82d2384b69cff4579f289de1 /fs/nfs/nfs2xdr.c
parent: c337d3655ce85e12c7c476cb81406521926cacd2 (diff)
1 files changed, 3 insertions, 19 deletions
diff --git a/fs/nfs/nfs2xdr.c b/fs/nfs/nfs2xdr.c
index db81166182c9..d04f0df7be55 100644
--- a/fs/nfs/nfs2xdr.c
+++ b/fs/nfs/nfs2xdr.c
@@ -106,19 +106,16 @@ static void print_overflow_msg(const char *func, const struct xdr_stream *xdr)
 static int decode_nfsdata(struct xdr_stream *xdr, struct nfs_readres *result)
 {
        u32 recvd, count;
-        size_t hdrlen;
        __be32 *p;
        p = xdr_inline_decode(xdr, 4);
        if (unlikely(p == NULL))
                goto out_overflow;
        count = be32_to_cpup(p);
-        hdrlen = (u8 *)xdr->p - (u8 *)xdr->iov->iov_base;
+        recvd = xdr_read_pages(xdr, count);
-        recvd = xdr->buf->len - hdrlen;
        if (unlikely(count > recvd))
                goto out_cheating;
 out:
-        xdr_read_pages(xdr, count);
        result->eof = 0;        /* NFSv2 does not pass EOF flag on the wire. */
        result->count = count;
        return count;
@@ -440,7 +437,6 @@ static void encode_path(struct xdr_stream *xdr, struct page **pages, u32 length)
 static int decode_path(struct xdr_stream *xdr)
 {
        u32 length, recvd;
-        size_t hdrlen;
        __be32 *p;
        p = xdr_inline_decode(xdr, 4);
@@ -449,12 +445,9 @@ static int decode_path(struct xdr_stream *xdr)
        length = be32_to_cpup(p);
        if (unlikely(length >= xdr->buf->page_len || length > NFS_MAXPATHLEN))
                goto out_size;
-        hdrlen = (u8 *)xdr->p - (u8 *)xdr->iov->iov_base;
+        recvd = xdr_read_pages(xdr, length);
-        recvd = xdr->buf->len - hdrlen;
        if (unlikely(length > recvd))
                goto out_cheating;
-        xdr_read_pages(xdr, length);
        xdr_terminate_string(xdr->buf, length);
        return 0;
 out_size:
@@ -972,16 +965,7 @@ out_overflow:
 */
 static int decode_readdirok(struct xdr_stream *xdr)
 {
-        u32 recvd, pglen;
+        return xdr_read_pages(xdr, xdr->buf->page_len);
-        size_t hdrlen;
-        pglen = xdr->buf->page_len;
-        hdrlen = (u8 *)xdr->p - (u8 *)xdr->iov->iov_base;
-        recvd = xdr->buf->len - hdrlen;
-        if (pglen > recvd)
-                pglen = recvd;
-        xdr_read_pages(xdr, pglen);
-        return pglen;
 }
 static int nfs2_xdr_dec_readdirres(struct rpc_rqst *req,
author	Trond Myklebust <Trond.Myklebust@netapp.com>	2012-06-20 22:35:05 -0400
committer	Trond Myklebust <Trond.Myklebust@netapp.com>	2012-06-28 17:20:43 -0400
commit	64bd577ea0021f5903505de061b3b7d8a785ee94 (patch)
tree	7081480d903325bb82d2384b69cff4579f289de1 /fs/nfs/nfs2xdr.c
parent	c337d3655ce85e12c7c476cb81406521926cacd2 (diff)