Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git

NFSD: Add missing NFSv2 .pc_func methods

There's no protection in nfsd_dispatch() against a NULL .pc_func
helper. A malicious NFS client can trigger a crash by invoking the
unused/unsupported NFSv2 ROOT or WRITECACHE procedures.

The current NFSD dispatcher does not support returning a void reply
to a non-NULL procedure, so the reply to both of these is wrong, for
the moment.

Cc: <stable@vger.kernel.org>
Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
Signed-off-by: J. Bruce Fields <bfields@redhat.com>

Authored by Chuck Lever and committed by J. Bruce Fields
6b3dccd4 13956160

+16
fs/nfsd/nfsproc.c
··· 118 118 return nfsd_return_attrs(nfserr, resp); 119 119 } 120 120 121 + /* Obsolete, replaced by MNTPROC_MNT. */ 122 + static __be32 123 + nfsd_proc_root(struct svc_rqst *rqstp) 124 + { 125 + return nfs_ok; 126 + } 127 + 121 128 /* 122 129 * Look up a path name component 123 130 * Note: the dentry in the resp->fh may be negative if the file ··· 208 201 209 202 if (nfserr) return nfserr; 210 203 return fh_getattr(&resp->fh, &resp->stat); 204 + } 205 + 206 + /* Reserved */ 207 + static __be32 208 + nfsd_proc_writecache(struct svc_rqst *rqstp) 209 + { 210 + return nfs_ok; 211 211 } 212 212 213 213 /* ··· 631 617 .pc_xdrressize = ST+AT, 632 618 }, 633 619 [NFSPROC_ROOT] = { 620 + .pc_func = nfsd_proc_root, 634 621 .pc_decode = nfssvc_decode_void, 635 622 .pc_encode = nfssvc_encode_void, 636 623 .pc_argsize = sizeof(struct nfsd_void), ··· 669 654 .pc_xdrressize = ST+AT+1+NFSSVC_MAXBLKSIZE_V2/4, 670 655 }, 671 656 [NFSPROC_WRITECACHE] = { 657 + .pc_func = nfsd_proc_writecache, 672 658 .pc_decode = nfssvc_decode_void, 673 659 .pc_encode = nfssvc_encode_void, 674 660 .pc_argsize = sizeof(struct nfsd_void),
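
Review bot: the comment on nfsd_proc_root() ("Obsolete, replaced by MNTPROC_MNT.") says why the procedure is unused but not why the stub has to exist. Per the commit message, nfsd_dispatch() has no protection against a NULL .pc_func, so this function is what keeps a client-issued NFSPROC_ROOT call from crashing the server. Suggest stating that in the comment so a later cleanup does not drop the stub as dead code.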
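
Review bot: nfsd_proc_writecache() returns nfs_ok, and the commit message states that this reply is wrong because the dispatcher cannot yet return a void reply to a non-NULL procedure. That caveat lives only in the changelog; a short FIXME next to "return nfs_ok;" (here and in nfsd_proc_root()) would keep it visible to whoever next changes the dispatcher.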
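
Review bot: in the [NFSPROC_ROOT] and [NFSPROC_WRITECACHE] table entries, adding .pc_func fills these two slots, but the gap named in the commit message remains: nfsd_dispatch() still has no check for a NULL .pc_func. Because the procedure number is chosen by the client, consider also adding a guard in the dispatcher, or a check over the procedure table at registration time, so that any entry lacking a handler fails the call cleanly instead of crashing.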