Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 8a891633 authored by Kinglong Mee's avatar Kinglong Mee Committed by J. Bruce Fields
Browse files

NFSD: fix bad length checking for backchannel



the length for backchannel checking should be multiplied by sizeof(__be32).

Signed-off-by: default avatarKinglong Mee <kinglongmee@gmail.com>
Signed-off-by: default avatarJ. Bruce Fields <bfields@redhat.com>
parent f403e450
Loading
Loading
Loading
Loading
+7 −2
Original line number Original line Diff line number Diff line
@@ -1853,6 +1853,11 @@ static __be32 check_forechannel_attrs(struct nfsd4_channel_attrs *ca, struct nfs
	return nfs_ok;
	return nfs_ok;
}
}


#define NFSD_CB_MAX_REQ_SZ	((NFS4_enc_cb_recall_sz + \
				 RPC_MAX_HEADER_WITH_AUTH) * sizeof(__be32))
#define NFSD_CB_MAX_RESP_SZ	((NFS4_dec_cb_recall_sz + \
				 RPC_MAX_REPHEADER_WITH_AUTH) * sizeof(__be32))

static __be32 check_backchannel_attrs(struct nfsd4_channel_attrs *ca)
static __be32 check_backchannel_attrs(struct nfsd4_channel_attrs *ca)
{
{
	ca->headerpadsz = 0;
	ca->headerpadsz = 0;
@@ -1863,9 +1868,9 @@ static __be32 check_backchannel_attrs(struct nfsd4_channel_attrs *ca)
	 * less than 1k.  Tighten up this estimate in the unlikely event
	 * less than 1k.  Tighten up this estimate in the unlikely event
	 * it turns out to be a problem for some client:
	 * it turns out to be a problem for some client:
	 */
	 */
	if (ca->maxreq_sz < NFS4_enc_cb_recall_sz + RPC_MAX_HEADER_WITH_AUTH)
	if (ca->maxreq_sz < NFSD_CB_MAX_REQ_SZ)
		return nfserr_toosmall;
		return nfserr_toosmall;
	if (ca->maxresp_sz < NFS4_dec_cb_recall_sz + RPC_MAX_REPHEADER_WITH_AUTH)
	if (ca->maxresp_sz < NFSD_CB_MAX_RESP_SZ)
		return nfserr_toosmall;
		return nfserr_toosmall;
	ca->maxresp_cached = 0;
	ca->maxresp_cached = 0;
	if (ca->maxops < 2)
	if (ca->maxops < 2)