Commit 479c2553 authored Nov 14, 2009 by Petr Vandrovec Committed by Linus Torvalds Nov 14, 2009

Fix memory corruption caused by nfsd readdir+



Commit 8177e6d6 ("nfsd: clean up
readdirplus encoding") introduced single character typo in nfs3 readdir+
implementation.  Unfortunately that typo has quite bad side effects:
random memory corruption, followed (on my box) with immediate
spontaneous box reboot.

Using 'p1' instead of 'p' fixes my Linux box rebooting whenever VMware
ESXi box tries to list contents of my home directory.

Signed-off-by: Petr Vandrovec <petr@vandrovec.name>
Cc: "J. Bruce Fields" <bfields@fieldses.org>
Cc: Neil Brown <neilb@suse.de>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>

parent 156171c7

fs/nfsd/nfs3xdr.c

+1 −1

Original line number	Diff line number	Diff line
		@@ -958,7 +958,7 @@ encode_entry(struct readdir_cd ccd, const char name, int namlen,
		p1 = encode_entry_baggage(cd, p1, name, namlen, ino);

		if (plus)
		p = encode_entryplus_baggage(cd, p1, name, namlen);
		p1 = encode_entryplus_baggage(cd, p1, name, namlen);

		/* determine entry word length and lengths to go in pages */
		num_entry_words = p1 - tmp;