Commit 89ff884e authored by J. Bruce Fields's avatar J. Bruce Fields

nfsd4: nfsd4_check_resp_size should check against whole buffer

Signed-off-by: default avatarJ. Bruce Fields <bfields@redhat.com>
parent 6ff9897d
...@@ -3762,7 +3762,6 @@ __be32 nfsd4_check_resp_size(struct nfsd4_compoundres *resp, u32 respsize) ...@@ -3762,7 +3762,6 @@ __be32 nfsd4_check_resp_size(struct nfsd4_compoundres *resp, u32 respsize)
{ {
struct xdr_buf *buf = &resp->rqstp->rq_res; struct xdr_buf *buf = &resp->rqstp->rq_res;
struct nfsd4_session *session = resp->cstate.session; struct nfsd4_session *session = resp->cstate.session;
int slack_bytes = (char *)resp->xdr.end - (char *)resp->xdr.p;
if (nfsd4_has_session(&resp->cstate)) { if (nfsd4_has_session(&resp->cstate)) {
struct nfsd4_slot *slot = resp->cstate.slot; struct nfsd4_slot *slot = resp->cstate.slot;
...@@ -3775,7 +3774,7 @@ __be32 nfsd4_check_resp_size(struct nfsd4_compoundres *resp, u32 respsize) ...@@ -3775,7 +3774,7 @@ __be32 nfsd4_check_resp_size(struct nfsd4_compoundres *resp, u32 respsize)
return nfserr_rep_too_big_to_cache; return nfserr_rep_too_big_to_cache;
} }
if (respsize > slack_bytes) { if (buf->len + respsize > buf->buflen) {
WARN_ON_ONCE(nfsd4_has_session(&resp->cstate)); WARN_ON_ONCE(nfsd4_has_session(&resp->cstate));
return nfserr_resource; return nfserr_resource;
} }
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment