[PATCH] knfsd: svcrpc: fqdn length fix

Problem identified by Jan Kasprzak.

Limit on domainname_max (currently 50) is too small.

Just use the beginning of input buffer as scratch space for it, and save a
little stack space while we're at it.
Signed-off-by: J. Bruce Fields <bfields@citi.umich.edu>
Signed-off-by: Neil Brown <neilb@cse.unsw.edu.au>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>

net/sunrpc/svcauth_unix.c

@@ -150,11 +150,14 @@ static void ip_map_request(struct cache_detail *cd,
 }
 
 static struct ip_map *ip_map_lookup(struct ip_map *, int);
+
 static int ip_map_parse(struct cache_detail *cd,
 			  char *mesg, int mlen)
 {
 	/* class ipaddress [domainname] */
-	char class[50], buf[50];
+	/* should be safe just to use the start of the input buffer
+	 * for scratch: */
+	char *buf = mesg;
 	int len;
 	int b1,b2,b3,b4;
 	char c;
@@ -167,13 +170,11 @@ static int ip_map_parse(struct cache_detail *cd,
 	mesg[mlen-1] = 0;
 
 	/* class */
-	len = qword_get(&mesg, class, 50);
+	len = qword_get(&mesg, ipm.m_class, sizeof(ipm.m_class));
 	if (len <= 0) return -EINVAL;
-	if (len >= sizeof(ipm.m_class))
-		return -EINVAL;
 
 	/* ip address */
-	len = qword_get(&mesg, buf, 50);
+	len = qword_get(&mesg, buf, mlen);
 	if (len <= 0) return -EINVAL;
 
 	if (sscanf(buf, "%u.%u.%u.%u%c", &b1, &b2, &b3, &b4, &c) != 4)
@@ -184,7 +185,7 @@ static int ip_map_parse(struct cache_detail *cd,
 		return -EINVAL;
 
 	/* domainname, or empty for NEGATIVE */
-	len = qword_get(&mesg, buf, 50);
+	len = qword_get(&mesg, buf, mlen);
 	if (len < 0) return -EINVAL;
 
 	if (len) {
@@ -194,7 +195,6 @@ static int ip_map_parse(struct cache_detail *cd,
 	} else
 		dom = NULL;
 
-	strcpy(ipm.m_class, class);
 	ipm.m_addr.s_addr =
 		htonl((((((b1<<8)|b2)<<8)|b3)<<8)|b4);
 	ipm.h.flags = 0;