NFSD: fix bad length checking for backchannel

Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git

kernel os linux

the length for backchannel checking should be multiplied by sizeof(__be32).

Signed-off-by: Kinglong Mee <kinglongmee@gmail.com>
Signed-off-by: J. Bruce Fields <bfields@redhat.com>

authored by

Kinglong Mee and committed by

J. Bruce Fields 12 years ago 8a891633 f403e450

+7 -2

1 changed file

expand all

nfsd

nfs4state.c

+7 -2

fs/nfsd/nfs4state.c

··· 1853 1853 return nfs_ok; 1854 1854 } 1855 1855 1856 + #define NFSD_CB_MAX_REQ_SZ ((NFS4_enc_cb_recall_sz + \ 1857 + RPC_MAX_HEADER_WITH_AUTH) * sizeof(__be32)) 1858 + #define NFSD_CB_MAX_RESP_SZ ((NFS4_dec_cb_recall_sz + \ 1859 + RPC_MAX_REPHEADER_WITH_AUTH) * sizeof(__be32)) 1860 + 1856 1861 static __be32 check_backchannel_attrs(struct nfsd4_channel_attrs *ca) 1857 1862 { 1858 1863 ca->headerpadsz = 0; ··· 1868 1863 * less than 1k. Tighten up this estimate in the unlikely event 1869 1864 * it turns out to be a problem for some client: 1870 1865 */ 1871 - if (ca->maxreq_sz < NFS4_enc_cb_recall_sz + RPC_MAX_HEADER_WITH_AUTH) 1866 + if (ca->maxreq_sz < NFSD_CB_MAX_REQ_SZ) 1872 1867 return nfserr_toosmall; 1873 - if (ca->maxresp_sz < NFS4_dec_cb_recall_sz + RPC_MAX_REPHEADER_WITH_AUTH) 1868 + if (ca->maxresp_sz < NFSD_CB_MAX_RESP_SZ) 1874 1869 return nfserr_toosmall; 1875 1870 ca->maxresp_cached = 0; 1876 1871 if (ca->maxops < 2)