-rw-r--r--fs/nfs/nfs4xdr.c25
1 files changed, 15 insertions, 10 deletions
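diff --git a/fs/nfs/nfs4xdr.c b/fs/nfs/nfs4xdr.c
index 404f2e6373f2..00630f42a2b4 100644
--- a/fs/nfs/nfs4xdr.c
+++ b/fs/nfs/nfs4xdr.c
@@ -4212,6 +4212,11 @@ static int decode_chan_attrs(struct xdr_stream *xdr,
  return 0;
 }
 
+static int decode_sessionid(struct xdr_stream *xdr, struct nfs4_sessionid *sid)
+{
+ return decode_opaque_fixed(xdr, sid->data, NFS4_MAX_SESSIONID_LEN);
+}
+
 static int decode_create_session(struct xdr_stream *xdr,
  struct nfs41_create_session_res *res)
 {
@@ -4221,14 +4226,11 @@ static int decode_create_session(struct xdr_stream *xdr,
  struct nfs4_session *session = clp->cl_session;
 
  status = decode_op_hdr(xdr, OP_CREATE_SESSION);
-
- if (status)
+ if (!status)
+ status = decode_sessionid(xdr, &session->sess_id);
+ if (unlikely(status))
  return status;
 
- /* sessionid */
- READ_BUF(NFS4_MAX_SESSIONID_LEN);
- COPYMEM(&session->sess_id, NFS4_MAX_SESSIONID_LEN);
-
  /* seqid, flags */
  READ_BUF(8);
  clp->cl_seqid = be32_to_cpup(p++);
@@ -4262,7 +4264,9 @@ static int decode_sequence(struct xdr_stream *xdr,
  return 0;
 
  status = decode_op_hdr(xdr, OP_SEQUENCE);
- if (status)
+ if (!status)
+ status = decode_sessionid(xdr, &id);
+ if (unlikely(status))
  goto out_err;
 
  /*
@@ -4271,15 +4275,16 @@ static int decode_sequence(struct xdr_stream *xdr,
  */
  status = -ESERVERFAULT;
 
- slot = &res->sr_session->fc_slot_table.slots[res->sr_slotid];
- READ_BUF(NFS4_MAX_SESSIONID_LEN + 20);
- COPYMEM(id.data, NFS4_MAX_SESSIONID_LEN);
  if (memcmp(id.data, res->sr_session->sess_id.data,
  NFS4_MAX_SESSIONID_LEN)) {
  dprintk("%s Invalid session id\n", __func__);
  goto out_err;
  }
+
+ READ_BUF(20);
+
  /* seqid */
+ slot = &res->sr_session->fc_slot_table.slots[res->sr_slotid];
  dummy = be32_to_cpup(p++);
  if (dummy != slot->seq_nr) {
  dprintk("%s Invalid sequence number\n", __func__);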
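Review bot: In the last decode_sequence hunk the new `READ_BUF(20);` is a bare byte count with no stated link to the `be32_to_cpup(p++)` reads it is meant to bound, so a later change to the decoded fields could let the reads outrun the check. Only the seqid read is visible here and the function continues outside the hunk, but 20 bytes is presumably five 32-bit words. Writing it as `READ_BUF(5 * sizeof(__be32));` with a comment listing the fields it covers would keep the bounds check and the reads visibly in step. Separately, `slots[res->sr_slotid]` is indexed without a range check in the visible lines; that is unchanged from the old code and may be validated by the caller, but it is worth confirming while the line is being moved.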