[PATCH 4.4 041/113] nfsd: fix corrupted reply to badly ordered compound

From: Greg Kroah-Hartman
Date: Mon Oct 08 2018 - 14:34:28 EST

Next message: Greg Kroah-Hartman: "[PATCH 4.4 042/113] ARM: dts: dra7: fix DCAN node addresses"
Previous message: Greg Kroah-Hartman: "[PATCH 4.4 023/113] s390/extmem: fix gcc 8 stringop-overflow warning"
In reply to: Greg Kroah-Hartman: "[PATCH 4.4 023/113] s390/extmem: fix gcc 8 stringop-overflow warning"
Next in thread: Greg Kroah-Hartman: "[PATCH 4.4 042/113] ARM: dts: dra7: fix DCAN node addresses"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

4.4-stable review patch. If anyone has any objections, please let me know.

------------------

From: "J. Bruce Fields" <bfields@xxxxxxxxxx>

[ Upstream commit 5b7b15aee641904ae269be9846610a3950cbd64c ]

We're encoding a single op in the reply but leaving the number of ops
zero, so the reply makes no sense.

Somewhat academic as this isn't a case any real client will hit, though
in theory perhaps that could change in a future protocol extension.

Reviewed-by: Jeff Layton <jlayton@xxxxxxxxxx>
Signed-off-by: J. Bruce Fields <bfields@xxxxxxxxxx>
Signed-off-by: Sasha Levin <alexander.levin@xxxxxxxxxxxxx>
Signed-off-by: Greg Kroah-Hartman <gregkh@xxxxxxxxxxxxxxxxxxx>
---
fs/nfsd/nfs4proc.c | 1 +
1 file changed, 1 insertion(+)

--- a/fs/nfsd/nfs4proc.c
+++ b/fs/nfsd/nfs4proc.c
@@ -1632,6 +1632,7 @@ nfsd4_proc_compound(struct svc_rqst *rqs
if (status) {
op = &args->ops[0];
op->status = status;
+ resp->opcnt = 1;
goto encode_op;
}

Next message: Greg Kroah-Hartman: "[PATCH 4.4 042/113] ARM: dts: dra7: fix DCAN node addresses"
Previous message: Greg Kroah-Hartman: "[PATCH 4.4 023/113] s390/extmem: fix gcc 8 stringop-overflow warning"
In reply to: Greg Kroah-Hartman: "[PATCH 4.4 023/113] s390/extmem: fix gcc 8 stringop-overflow warning"
Next in thread: Greg Kroah-Hartman: "[PATCH 4.4 042/113] ARM: dts: dra7: fix DCAN node addresses"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]