[PATCH] 2.5.59 knfsd: bounds checking for NFSv3 readdirplus

From: Ted Phelps (phelps@dstc.edu.au)
Date: Fri Jan 17 2003 - 06:25:48 EST

For an NFSv3 readdirplus request, knfsd assumes that the outgoing
buffer will be less than a page in length but never checks to see if
this is true (readdir for both NFSv2 and NFSv3 do). This can lead to
random pages getting trashed and failing NFS requests.

The patch below adds this check in a way which is consistent with the
way the readdir functions do.



diff -Naur linux-2.5.58-orig/fs/nfsd/nfs3xdr.c linux-2.5.58/fs/nfsd/nfs3xdr.c
--- linux-2.5.58-orig/fs/nfsd/nfs3xdr.c 2003-01-10 09:41:52.000000000 +0000
+++ linux-2.5.58/fs/nfsd/nfs3xdr.c 2003-01-14 19:57:03.000000000 +0000
@@ -578,6 +578,9 @@
        args->dircount = ntohl(*p++);
        args->count = ntohl(*p++);
+ if (args->count > PAGE_SIZE)
+ args->count = PAGE_SIZE;
        args->buffer = page_address(rqstp->rq_respages[rqstp->rq_resused-1]);
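Review bot: the clamp on args->count silently reduces an oversized client value to PAGE_SIZE with no comment saying why one page is the limit. The reason is only visible on the next line, where args->buffer is set to a single page taken from rq_respages, so a short comment above the check tying the limit to that one-page buffer would keep the two from drifting apart. args->dircount, decoded just above, is left unbounded; if anything later sizes output by it, it needs the same treatment. The two added lines also appear without the indentation of the surrounding code, and the hunk header (-578,6 +578,9) announces three added lines and six lines of context while only two additions and three context lines are shown, so the patch as posted here looks truncated and should be resent intact.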