This bug causes nfsd kernel based server to wrongly truncate files while using
offsets over 4G. With patch applied it starts to work right.
~(size_t) 0 is wrong too because size_t on IA32 is mere 32bit and as second
because ~0 is negative I think also causing a remote security issue since users
can truncate files to a negative offset this way.
Same below patch is valid for 2.4.0-test10-pre4 and 2.2.18pre17.
--- 2.4.0-test10-pre4/fs/nfsd/nfs3xdr.c.~1~ Thu Oct 12 03:04:48 2000
+++ 2.4.0-test10-pre4/fs/nfsd/nfs3xdr.c Tue Oct 24 19:33:09 2000
@@ -144,9 +144,9 @@
iap->ia_valid |= ATTR_SIZE;
p = dec64(p, &newsize);
if (newsize <= NFS_OFFSET_MAX)
- iap->ia_size = (u32) newsize;
+ iap->ia_size = newsize;
else
- iap->ia_size = ~(size_t) 0;
+ iap->ia_size = NFS_OFFSET_MAX;
}
if ((tmp = ntohl(*p++)) == 1) { /* set to server time */
iap->ia_valid |= ATTR_ATIME;
2.2.18pre17aa1 include the fix as part of the lfs patch.
Andrea
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
Please read the FAQ at http://www.tux.org/lkml/
This archive was generated by hypermail 2b29 : Tue Oct 31 2000 - 21:00:15 EST