Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit b7e24457 authored by Trond Myklebust's avatar Trond Myklebust
Browse files

NFS: Fix filehandle size comparisons in the mount code 



Fix a sign issue in xdr_decode_fhstatus3()
Fix incorrect comparison in nfs_validate_mount_data()

Signed-off-by: default avatarTrond Myklebust <Trond.Myklebust@netapp.com>
parent 33852a1f

fs/nfs/mount_clnt.c

+3 −2
Original line number Diff line number Diff line
@@ -130,10 +130,11 @@ static int xdr_decode_fhstatus3(struct rpc_rqst *req, __be32 *p, 
				struct mnt_fhstatus *res)

{

	struct nfs_fh *fh = res->fh;

	unsigned size;



	if ((res->status = ntohl(*p++)) == 0) {

		int size = ntohl(*p++);

		if (size <= NFS3_FHSIZE) {

		size = ntohl(*p++);

		if (size <= NFS3_FHSIZE && size != 0) {

			fh->size = size;

			memcpy(fh->data, p, size);

		} else

fs/nfs/super.c

+4 −4
Original line number Diff line number Diff line
@@ -1249,13 +1249,13 @@ static int nfs_validate_mount_data(void *options, 
	case 5:

		memset(data->context, 0, sizeof(data->context));

	case 6:

		if (data->flags & NFS_MOUNT_VER3)

		if (data->flags & NFS_MOUNT_VER3) {

			if (data->root.size > NFS3_FHSIZE || data->root.size == 0)

				goto out_invalid_fh;

			mntfh->size = data->root.size;

		else

		} else

			mntfh->size = NFS2_FHSIZE;



		if (mntfh->size > sizeof(mntfh->data))

			goto out_invalid_fh;



		memcpy(mntfh->data, data->root.data, mntfh->size);

		if (mntfh->size < sizeof(mntfh->data))