nfsd4: enforce rd_dircount

As long as we're here, let's enforce the protocol's limit on the number of directory entries to return in a readdir. I don't think anyone's ever noticed our lack of enforcement, but maybe there's more of a chance they will now that we allow larger readdirs. Signed-off-by: J. Bruce Fields <bfields@redhat.com>
author: J. Bruce Fields <bfields@redhat.com> 2014-03-20 21:20:26 -0400
committer: J. Bruce Fields <bfields@redhat.com> 2014-05-30 17:32:04 -0400
commit: 3b299709091befc0e02aa33d55ddd5baef006853 (patch)
tree: 2d514a4417d20b1a374d8d862ecc787ea0543936 /fs/nfsd/nfs4xdr.c
parent: 561f0ed498ca4342573a870779cc645d3fd7dfe7 (diff)
1 files changed, 4 insertions, 1 deletions
diff --git a/fs/nfsd/nfs4xdr.c b/fs/nfsd/nfs4xdr.c
index 4d79e5366a82..3f2a52ccb9d1 100644
--- a/fs/nfsd/nfs4xdr.c
+++ b/fs/nfsd/nfs4xdr.c
@@ -1033,7 +1033,7 @@ nfsd4_decode_readdir(struct nfsd4_compoundargs *argp, struct nfsd4_readdir *read
        READ_BUF(24);
        READ64(readdir->rd_cookie);
        COPYMEM(readdir->rd_verf.data, sizeof(readdir->rd_verf.data));
-        READ32(readdir->rd_dircount);    /* just in case you needed a useless field... */
+        READ32(readdir->rd_dircount);
        READ32(readdir->rd_maxcount);
        if ((status = nfsd4_decode_bitmap(argp, readdir->rd_bmval)))
                goto out;
@@ -2720,6 +2720,9 @@ nfsd4_encode_dirent(void *ccdv, const char *name, int namlen,
        if (entry_bytes > cd->rd_maxcount)
                goto fail;
        cd->rd_maxcount -= entry_bytes;
+        if (!cd->rd_dircount)
+                goto fail;
+        cd->rd_dircount--;
        cd->cookie_offset = cookie_offset;
 skip_entry:
        cd->common.err = nfs_ok;
author	J. Bruce Fields <bfields@redhat.com>	2014-03-20 21:20:26 -0400
committer	J. Bruce Fields <bfields@redhat.com>	2014-05-30 17:32:04 -0400
commit	3b299709091befc0e02aa33d55ddd5baef006853 (patch)
tree	2d514a4417d20b1a374d8d862ecc787ea0543936 /fs/nfsd/nfs4xdr.c
parent	561f0ed498ca4342573a870779cc645d3fd7dfe7 (diff)