Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit b7e24457 authored by Trond Myklebust's avatar Trond Myklebust
Browse files

NFS: Fix filehandle size comparisons in the mount code



Fix a sign issue in xdr_decode_fhstatus3()
Fix incorrect comparison in nfs_validate_mount_data()

Signed-off-by: default avatarTrond Myklebust <Trond.Myklebust@netapp.com>
parent 33852a1f
Loading
Loading
Loading
Loading
+3 −2
Original line number Diff line number Diff line
@@ -130,10 +130,11 @@ static int xdr_decode_fhstatus3(struct rpc_rqst *req, __be32 *p,
				struct mnt_fhstatus *res)
{
	struct nfs_fh *fh = res->fh;
	unsigned size;

	if ((res->status = ntohl(*p++)) == 0) {
		int size = ntohl(*p++);
		if (size <= NFS3_FHSIZE) {
		size = ntohl(*p++);
		if (size <= NFS3_FHSIZE && size != 0) {
			fh->size = size;
			memcpy(fh->data, p, size);
		} else
+4 −4
Original line number Diff line number Diff line
@@ -1249,13 +1249,13 @@ static int nfs_validate_mount_data(void *options,
	case 5:
		memset(data->context, 0, sizeof(data->context));
	case 6:
		if (data->flags & NFS_MOUNT_VER3)
		if (data->flags & NFS_MOUNT_VER3) {
			if (data->root.size > NFS3_FHSIZE || data->root.size == 0)
				goto out_invalid_fh;
			mntfh->size = data->root.size;
		else
		} else
			mntfh->size = NFS2_FHSIZE;

		if (mntfh->size > sizeof(mntfh->data))
			goto out_invalid_fh;

		memcpy(mntfh->data, data->root.data, mntfh->size);
		if (mntfh->size < sizeof(mntfh->data))