[PATCH] 2.5.59 knfsd: bounds checking for NFSv3 readdirplus

Ted Phelps (phelps@dstc.edu.au)
Fri, 17 Jan 2003 11:25:48 +0000

Messages sorted by: [ date ][ thread ][ subject ][ author ]
Next message: Adrian Bunk: "Re: Linux 2.5.59"
Previous message: Yaacov Akiba Slama: "Re: 2.5.59-mm1"

For an NFSv3 readdirplus request, knfsd assumes that the outgoing
buffer will be less than a page in length but never checks to see if
this is true (readdir for both NFSv2 and NFSv3 do). This can lead to
random pages getting trashed and failing NFS requests.

The patch below adds this check in a way which is consistent with the
way the readdir functions do.

Thanks,
-Ted

---8<---

diff -Naur linux-2.5.58-orig/fs/nfsd/nfs3xdr.c linux-2.5.58/fs/nfsd/nfs3xdr.c
--- linux-2.5.58-orig/fs/nfsd/nfs3xdr.c 2003-01-10 09:41:52.000000000 +0000
+++ linux-2.5.58/fs/nfsd/nfs3xdr.c 2003-01-14 19:57:03.000000000 +0000
@@ -578,6 +578,9 @@
args->dircount = ntohl(*p++);
args->count = ntohl(*p++);

+ if (args->count > PAGE_SIZE)
+ args->count = PAGE_SIZE;
+
svc_take_page(rqstp);
args->buffer = page_address(rqstp->rq_respages[rqstp->rq_resused-1]);
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Adrian Bunk: "Re: Linux 2.5.59"
Previous message: Yaacov Akiba Slama: "Re: 2.5.59-mm1"