aboutsummaryrefslogtreecommitdiffstats
path: root/fs/nfsd/nfs4xdr.c
diff options
context:
space:
mode:
Diffstat (limited to 'fs/nfsd/nfs4xdr.c')
-rw-r--r--fs/nfsd/nfs4xdr.c43
1 files changed, 20 insertions, 23 deletions
diff --git a/fs/nfsd/nfs4xdr.c b/fs/nfsd/nfs4xdr.c
index 0efba557fb55..fbb4af969243 100644
--- a/fs/nfsd/nfs4xdr.c
+++ b/fs/nfsd/nfs4xdr.c
@@ -273,42 +273,42 @@ nfsd4_decode_fattr(struct nfsd4_compoundargs *argp, u32 *bmval, struct iattr *ia
273 iattr->ia_valid |= ATTR_SIZE; 273 iattr->ia_valid |= ATTR_SIZE;
274 } 274 }
275 if (bmval[0] & FATTR4_WORD0_ACL) { 275 if (bmval[0] & FATTR4_WORD0_ACL) {
276 int nace, i; 276 int nace;
277 struct nfs4_ace ace; 277 struct nfs4_ace *ace;
278 278
279 READ_BUF(4); len += 4; 279 READ_BUF(4); len += 4;
280 READ32(nace); 280 READ32(nace);
281 281
282 *acl = nfs4_acl_new(); 282 if (nace > NFS4_ACL_MAX)
283 return nfserr_resource;
284
285 *acl = nfs4_acl_new(nace);
283 if (*acl == NULL) { 286 if (*acl == NULL) {
284 host_err = -ENOMEM; 287 host_err = -ENOMEM;
285 goto out_nfserr; 288 goto out_nfserr;
286 } 289 }
287 defer_free(argp, (void (*)(const void *))nfs4_acl_free, *acl); 290 defer_free(argp, kfree, *acl);
288 291
289 for (i = 0; i < nace; i++) { 292 (*acl)->naces = nace;
293 for (ace = (*acl)->aces; ace < (*acl)->aces + nace; ace++) {
290 READ_BUF(16); len += 16; 294 READ_BUF(16); len += 16;
291 READ32(ace.type); 295 READ32(ace->type);
292 READ32(ace.flag); 296 READ32(ace->flag);
293 READ32(ace.access_mask); 297 READ32(ace->access_mask);
294 READ32(dummy32); 298 READ32(dummy32);
295 READ_BUF(dummy32); 299 READ_BUF(dummy32);
296 len += XDR_QUADLEN(dummy32) << 2; 300 len += XDR_QUADLEN(dummy32) << 2;
297 READMEM(buf, dummy32); 301 READMEM(buf, dummy32);
298 ace.whotype = nfs4_acl_get_whotype(buf, dummy32); 302 ace->whotype = nfs4_acl_get_whotype(buf, dummy32);
299 host_err = 0; 303 host_err = 0;
300 if (ace.whotype != NFS4_ACL_WHO_NAMED) 304 if (ace->whotype != NFS4_ACL_WHO_NAMED)
301 ace.who = 0; 305 ace->who = 0;
302 else if (ace.flag & NFS4_ACE_IDENTIFIER_GROUP) 306 else if (ace->flag & NFS4_ACE_IDENTIFIER_GROUP)
303 host_err = nfsd_map_name_to_gid(argp->rqstp, 307 host_err = nfsd_map_name_to_gid(argp->rqstp,
304 buf, dummy32, &ace.who); 308 buf, dummy32, &ace->who);
305 else 309 else
306 host_err = nfsd_map_name_to_uid(argp->rqstp, 310 host_err = nfsd_map_name_to_uid(argp->rqstp,
307 buf, dummy32, &ace.who); 311 buf, dummy32, &ace->who);
308 if (host_err)
309 goto out_nfserr;
310 host_err = nfs4_acl_add_ace(*acl, ace.type, ace.flag,
311 ace.access_mask, ace.whotype, ace.who);
312 if (host_err) 312 if (host_err)
313 goto out_nfserr; 313 goto out_nfserr;
314 } 314 }
@@ -1596,7 +1596,6 @@ nfsd4_encode_fattr(struct svc_fh *fhp, struct svc_export *exp,
1596 } 1596 }
1597 if (bmval0 & FATTR4_WORD0_ACL) { 1597 if (bmval0 & FATTR4_WORD0_ACL) {
1598 struct nfs4_ace *ace; 1598 struct nfs4_ace *ace;
1599 struct list_head *h;
1600 1599
1601 if (acl == NULL) { 1600 if (acl == NULL) {
1602 if ((buflen -= 4) < 0) 1601 if ((buflen -= 4) < 0)
@@ -1609,9 +1608,7 @@ nfsd4_encode_fattr(struct svc_fh *fhp, struct svc_export *exp,
1609 goto out_resource; 1608 goto out_resource;
1610 WRITE32(acl->naces); 1609 WRITE32(acl->naces);
1611 1610
1612 list_for_each(h, &acl->ace_head) { 1611 for (ace = acl->aces; ace < acl->aces + acl->naces; ace++) {
1613 ace = list_entry(h, struct nfs4_ace, l_ace);
1614
1615 if ((buflen -= 4*3) < 0) 1612 if ((buflen -= 4*3) < 0)
1616 goto out_resource; 1613 goto out_resource;
1617 WRITE32(ace->type); 1614 WRITE32(ace->type);
@@ -1821,7 +1818,7 @@ out_acl:
1821 status = nfs_ok; 1818 status = nfs_ok;
1822 1819
1823out: 1820out:
1824 nfs4_acl_free(acl); 1821 kfree(acl);
1825 if (fhp == &tempfh) 1822 if (fhp == &tempfh)
1826 fh_put(&tempfh); 1823 fh_put(&tempfh);
1827 return status; 1824 return status;