Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git

nfsd: make nfs4xdr WRITEMEM safe against zero count

WRITEMEM zeroes the last word in the destination buffer
for padding purposes, but this must not be done if
no bytes are to be copied, as it would result
in zeroing of the word right before the array.

The current implementation works since it's always called
with non zero nbytes or it follows an encoding of the
string (or opaque) length which, if equal to zero,
can be overwritten with zero.

Nevertheless, it seems safer to check for this case.

Signed-off-by: Benny Halevy <bhalevy@panasas.com>
Signed-off-by: J. Bruce Fields <bfields@citi.umich.edu>

Authored by Benny Halevy and committed by J. Bruce Fields
13b1867c 3b12cd98
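The zero-count case the commit message describes, as an added example that is not part of the commit or the kernel source. The function names and `SENTINEL` are hypothetical, `XDR_QUADLEN` is defined locally as a round-up to four-byte words, and the buffers are constructed for the demonstration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Words needed for l bytes, rounded up to a 4-byte XDR unit (defined here for the example). */
#define XDR_QUADLEN(l) (((l) + 3) >> 2)
#define SENTINEL 0xAAAAAAAAu

/* Pad-then-copy without a guard: nbytes == 0 makes the padding store hit p[-1]. */
static uint32_t *write_mem_unguarded(uint32_t *p, const void *src, size_t nbytes)
{
    *(p + XDR_QUADLEN(nbytes) - 1) = 0;   /* zero the last word so pad bytes are 0 */
    memcpy(p, src, nbytes);
    return p + XDR_QUADLEN(nbytes);
}

/* Guarded form: nothing is written and p does not move when nbytes is zero. */
static uint32_t *write_mem_guarded(uint32_t *p, const void *src, size_t nbytes)
{
    if (nbytes > 0)
        p = write_mem_unguarded(p, src, nbytes);
    return p;
}

/* Zero-length write at buf[1]; returns 1 if buf[0], the preceding word, is intact. */
static int prev_word_intact(int guarded)
{
    uint32_t buf[4] = { SENTINEL, SENTINEL, SENTINEL, SENTINEL };
    (guarded ? write_mem_guarded : write_mem_unguarded)(&buf[1], "", 0);
    return buf[0] == SENTINEL;
}

/* Writes 5 bytes; returns words consumed if the 3 pad bytes are zero, else -1. */
static int padded_words(void)
{
    uint32_t buf[3] = { SENTINEL, SENTINEL, SENTINEL };
    uint32_t *end = write_mem_guarded(buf, "hello", 5);
    const unsigned char *b = (const unsigned char *)buf;
    if (memcmp(b, "hello", 5) != 0 || b[5] || b[6] || b[7] || buf[2] != SENTINEL)
        return -1;
    return (int)(end - buf);
}

int main(void)
{
    printf("unguarded intact=%d, guarded intact=%d, 5 bytes -> %d words\n",
           prev_word_intact(0), prev_word_intact(1), padded_words());
    return 0;
}
```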

+1 -1
fs/nfsd/nfs4xdr.c
··· 1201 1201 *p++ = htonl((u32)((n) >> 32)); \ 1202 1202 *p++ = htonl((u32)(n)); \ 1203 1203 } while (0) 1204 - #define WRITEMEM(ptr,nbytes) do { \ 1204 + #define WRITEMEM(ptr,nbytes) do if (nbytes > 0) { \ 1205 1205 *(p + XDR_QUADLEN(nbytes) -1) = 0; \ 1206 1206 memcpy(p, ptr, nbytes); \ 1207 1207 p += XDR_QUADLEN(nbytes); \
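Review bot: on the added `#define WRITEMEM(ptr,nbytes) do if (nbytes > 0) { \` line, the macro argument is compared unparenthesized, so a caller passing an expression containing an operator of lower precedence than `>` (a conditional or bitwise expression, for instance) would get a different test than intended; write `(nbytes) > 0`. The `do if (...) {` opener is also easy to misread next to the plain `} while (0)` macro ending just above it; putting the guard inside the braces, as in `do { if ((nbytes) > 0) { ... } } while (0)`, keeps the usual shape. The macro's closing lines fall outside the visible hunk, so confirm that they still pair up with the new opener. A one-line comment saying why the zero case is skipped (the padding store at `p + XDR_QUADLEN(nbytes) - 1` would otherwise land on the word before `p`) would help later readers.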