diff options
Diffstat (limited to 'fs/nfsd/nfs4xdr.c')
| -rw-r--r-- | fs/nfsd/nfs4xdr.c | 18 |
1 files changed, 15 insertions, 3 deletions
diff --git a/fs/nfsd/nfs4xdr.c b/fs/nfsd/nfs4xdr.c index 2d305a121f37..b56b1cc02718 100644 --- a/fs/nfsd/nfs4xdr.c +++ b/fs/nfsd/nfs4xdr.c | |||
| @@ -600,7 +600,18 @@ nfsd4_decode_create(struct nfsd4_compoundargs *argp, struct nfsd4_create *create | |||
| 600 | READ_BUF(4); | 600 | READ_BUF(4); |
| 601 | create->cr_linklen = be32_to_cpup(p++); | 601 | create->cr_linklen = be32_to_cpup(p++); |
| 602 | READ_BUF(create->cr_linklen); | 602 | READ_BUF(create->cr_linklen); |
| 603 | SAVEMEM(create->cr_linkname, create->cr_linklen); | 603 | /* |
| 604 | * The VFS will want a null-terminated string, and | ||
| 605 | * null-terminating in place isn't safe since this might | ||
| 606 | * end on a page boundary: | ||
| 607 | */ | ||
| 608 | create->cr_linkname = | ||
| 609 | kmalloc(create->cr_linklen + 1, GFP_KERNEL); | ||
| 610 | if (!create->cr_linkname) | ||
| 611 | return nfserr_jukebox; | ||
| 612 | memcpy(create->cr_linkname, p, create->cr_linklen); | ||
| 613 | create->cr_linkname[create->cr_linklen] = '\0'; | ||
| 614 | defer_free(argp, kfree, create->cr_linkname); | ||
| 604 | break; | 615 | break; |
| 605 | case NF4BLK: | 616 | case NF4BLK: |
| 606 | case NF4CHR: | 617 | case NF4CHR: |
| @@ -2630,7 +2641,7 @@ nfsd4_encode_rdattr_error(struct xdr_stream *xdr, __be32 nfserr) | |||
| 2630 | { | 2641 | { |
| 2631 | __be32 *p; | 2642 | __be32 *p; |
| 2632 | 2643 | ||
| 2633 | p = xdr_reserve_space(xdr, 6); | 2644 | p = xdr_reserve_space(xdr, 20); |
| 2634 | if (!p) | 2645 | if (!p) |
| 2635 | return NULL; | 2646 | return NULL; |
| 2636 | *p++ = htonl(2); | 2647 | *p++ = htonl(2); |
| @@ -2687,6 +2698,7 @@ nfsd4_encode_dirent(void *ccdv, const char *name, int namlen, | |||
| 2687 | nfserr = nfserr_toosmall; | 2698 | nfserr = nfserr_toosmall; |
| 2688 | goto fail; | 2699 | goto fail; |
| 2689 | case nfserr_noent: | 2700 | case nfserr_noent: |
| 2701 | xdr_truncate_encode(xdr, start_offset); | ||
| 2690 | goto skip_entry; | 2702 | goto skip_entry; |
| 2691 | default: | 2703 | default: |
| 2692 | /* | 2704 | /* |
| @@ -3266,7 +3278,7 @@ nfsd4_encode_readlink(struct nfsd4_compoundres *resp, __be32 nfserr, struct nfsd | |||
| 3266 | 3278 | ||
| 3267 | wire_count = htonl(maxcount); | 3279 | wire_count = htonl(maxcount); |
| 3268 | write_bytes_to_xdr_buf(xdr->buf, length_offset, &wire_count, 4); | 3280 | write_bytes_to_xdr_buf(xdr->buf, length_offset, &wire_count, 4); |
| 3269 | xdr_truncate_encode(xdr, length_offset + 4 + maxcount); | 3281 | xdr_truncate_encode(xdr, length_offset + 4 + ALIGN(maxcount, 4)); |
| 3270 | if (maxcount & 3) | 3282 | if (maxcount & 3) |
| 3271 | write_bytes_to_xdr_buf(xdr->buf, length_offset + 4 + maxcount, | 3283 | write_bytes_to_xdr_buf(xdr->buf, length_offset + 4 + maxcount, |
| 3272 | &zero, 4 - (maxcount&3)); | 3284 | &zero, 4 - (maxcount&3)); |