commit b7e2445737ff69cef892b6fd9cd71cae2c9e9515 · tjh.dev/kernel

tjh.dev / kernel

Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git

kernel os linux

NFS: Fix filehandle size comparisons in the mount code

Fix a sign issue in xdr_decode_fhstatus3()
Fix incorrect comparison in nfs_validate_mount_data()

Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>

Trond Myklebust 17 years ago b7e24457 33852a1f

+7 -6

2 changed files

expand all

unified split

nfs

mount_clnt.c

super.c

+3 -2

fs/nfs/mount_clnt.c

··· 130 130 struct mnt_fhstatus *res) 131 131 { 132 132 struct nfs_fh *fh = res->fh; 133 + unsigned size; 133 134 134 135 if ((res->status = ntohl(*p++)) == 0) { 135 - int size = ntohl(*p++); 136 - if (size <= NFS3_FHSIZE) { 136 + size = ntohl(*p++); 137 + if (size <= NFS3_FHSIZE && size != 0) { 137 138 fh->size = size; 138 139 memcpy(fh->data, p, size); 139 140 } else

+4 -4

fs/nfs/super.c

··· 1249 1249 case 5: 1250 1250 memset(data->context, 0, sizeof(data->context)); 1251 1251 case 6: 1252 - if (data->flags & NFS_MOUNT_VER3) 1252 + if (data->flags & NFS_MOUNT_VER3) { 1253 + if (data->root.size > NFS3_FHSIZE || data->root.size == 0) 1254 + goto out_invalid_fh; 1253 1255 mntfh->size = data->root.size; 1254 - else 1256 + } else 1255 1257 mntfh->size = NFS2_FHSIZE; 1256 1258 1257 - if (mntfh->size > sizeof(mntfh->data)) 1258 - goto out_invalid_fh; 1259 1259 1260 1260 memcpy(mntfh->data, data->root.data, mntfh->size); 1261 1261 if (mntfh->size < sizeof(mntfh->data))