Commit b7e24457 authored by Trond Myklebust's avatar Trond Myklebust

NFS: Fix filehandle size comparisons in the mount code

Fix a sign issue in xdr_decode_fhstatus3()
Fix incorrect comparison in nfs_validate_mount_data()
Signed-off-by: default avatarTrond Myklebust <Trond.Myklebust@netapp.com>
parent 33852a1f
...@@ -130,10 +130,11 @@ static int xdr_decode_fhstatus3(struct rpc_rqst *req, __be32 *p, ...@@ -130,10 +130,11 @@ static int xdr_decode_fhstatus3(struct rpc_rqst *req, __be32 *p,
struct mnt_fhstatus *res) struct mnt_fhstatus *res)
{ {
struct nfs_fh *fh = res->fh; struct nfs_fh *fh = res->fh;
unsigned size;
if ((res->status = ntohl(*p++)) == 0) { if ((res->status = ntohl(*p++)) == 0) {
int size = ntohl(*p++); size = ntohl(*p++);
if (size <= NFS3_FHSIZE) { if (size <= NFS3_FHSIZE && size != 0) {
fh->size = size; fh->size = size;
memcpy(fh->data, p, size); memcpy(fh->data, p, size);
} else } else
......
...@@ -1249,13 +1249,13 @@ static int nfs_validate_mount_data(void *options, ...@@ -1249,13 +1249,13 @@ static int nfs_validate_mount_data(void *options,
case 5: case 5:
memset(data->context, 0, sizeof(data->context)); memset(data->context, 0, sizeof(data->context));
case 6: case 6:
if (data->flags & NFS_MOUNT_VER3) if (data->flags & NFS_MOUNT_VER3) {
if (data->root.size > NFS3_FHSIZE || data->root.size == 0)
goto out_invalid_fh;
mntfh->size = data->root.size; mntfh->size = data->root.size;
else } else
mntfh->size = NFS2_FHSIZE; mntfh->size = NFS2_FHSIZE;
if (mntfh->size > sizeof(mntfh->data))
goto out_invalid_fh;
memcpy(mntfh->data, data->root.data, mntfh->size); memcpy(mntfh->data, data->root.data, mntfh->size);
if (mntfh->size < sizeof(mntfh->data)) if (mntfh->size < sizeof(mntfh->data))
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment