diff options
-rw-r--r-- | fs/nfs/nfs4xdr.c | 25 |
1 files changed, 15 insertions, 10 deletions
diff --git a/fs/nfs/nfs4xdr.c b/fs/nfs/nfs4xdr.c index 404f2e6373f2..00630f42a2b4 100644 --- a/fs/nfs/nfs4xdr.c +++ b/fs/nfs/nfs4xdr.c | |||
@@ -4212,6 +4212,11 @@ static int decode_chan_attrs(struct xdr_stream *xdr, | |||
4212 | return 0; | 4212 | return 0; |
4213 | } | 4213 | } |
4214 | 4214 | ||
4215 | static int decode_sessionid(struct xdr_stream *xdr, struct nfs4_sessionid *sid) | ||
4216 | { | ||
4217 | return decode_opaque_fixed(xdr, sid->data, NFS4_MAX_SESSIONID_LEN); | ||
4218 | } | ||
4219 | |||
4215 | static int decode_create_session(struct xdr_stream *xdr, | 4220 | static int decode_create_session(struct xdr_stream *xdr, |
4216 | struct nfs41_create_session_res *res) | 4221 | struct nfs41_create_session_res *res) |
4217 | { | 4222 | { |
@@ -4221,14 +4226,11 @@ static int decode_create_session(struct xdr_stream *xdr, | |||
4221 | struct nfs4_session *session = clp->cl_session; | 4226 | struct nfs4_session *session = clp->cl_session; |
4222 | 4227 | ||
4223 | status = decode_op_hdr(xdr, OP_CREATE_SESSION); | 4228 | status = decode_op_hdr(xdr, OP_CREATE_SESSION); |
4224 | 4229 | if (!status) | |
4225 | if (status) | 4230 | status = decode_sessionid(xdr, &session->sess_id); |
4231 | if (unlikely(status)) | ||
4226 | return status; | 4232 | return status; |
4227 | 4233 | ||
4228 | /* sessionid */ | ||
4229 | READ_BUF(NFS4_MAX_SESSIONID_LEN); | ||
4230 | COPYMEM(&session->sess_id, NFS4_MAX_SESSIONID_LEN); | ||
4231 | |||
4232 | /* seqid, flags */ | 4234 | /* seqid, flags */ |
4233 | READ_BUF(8); | 4235 | READ_BUF(8); |
4234 | clp->cl_seqid = be32_to_cpup(p++); | 4236 | clp->cl_seqid = be32_to_cpup(p++); |
@@ -4262,7 +4264,9 @@ static int decode_sequence(struct xdr_stream *xdr, | |||
4262 | return 0; | 4264 | return 0; |
4263 | 4265 | ||
4264 | status = decode_op_hdr(xdr, OP_SEQUENCE); | 4266 | status = decode_op_hdr(xdr, OP_SEQUENCE); |
4265 | if (status) | 4267 | if (!status) |
4268 | status = decode_sessionid(xdr, &id); | ||
4269 | if (unlikely(status)) | ||
4266 | goto out_err; | 4270 | goto out_err; |
4267 | 4271 | ||
4268 | /* | 4272 | /* |
@@ -4271,15 +4275,16 @@ static int decode_sequence(struct xdr_stream *xdr, | |||
4271 | */ | 4275 | */ |
4272 | status = -ESERVERFAULT; | 4276 | status = -ESERVERFAULT; |
4273 | 4277 | ||
4274 | slot = &res->sr_session->fc_slot_table.slots[res->sr_slotid]; | ||
4275 | READ_BUF(NFS4_MAX_SESSIONID_LEN + 20); | ||
4276 | COPYMEM(id.data, NFS4_MAX_SESSIONID_LEN); | ||
4277 | if (memcmp(id.data, res->sr_session->sess_id.data, | 4278 | if (memcmp(id.data, res->sr_session->sess_id.data, |
4278 | NFS4_MAX_SESSIONID_LEN)) { | 4279 | NFS4_MAX_SESSIONID_LEN)) { |
4279 | dprintk("%s Invalid session id\n", __func__); | 4280 | dprintk("%s Invalid session id\n", __func__); |
4280 | goto out_err; | 4281 | goto out_err; |
4281 | } | 4282 | } |
4283 | |||
4284 | READ_BUF(20); | ||
4285 | |||
4282 | /* seqid */ | 4286 | /* seqid */ |
4287 | slot = &res->sr_session->fc_slot_table.slots[res->sr_slotid]; | ||
4283 | dummy = be32_to_cpup(p++); | 4288 | dummy = be32_to_cpup(p++); |
4284 | if (dummy != slot->seq_nr) { | 4289 | if (dummy != slot->seq_nr) { |
4285 | dprintk("%s Invalid sequence number\n", __func__); | 4290 | dprintk("%s Invalid sequence number\n", __func__); |