summaryrefslogtreecommitdiff
path: root/block/bounce.c
diff options
context:
space:
mode:
authorBenjamin Coddington <bcodding@redhat.com>2015-11-20 17:55:30 +0300
committerTrond Myklebust <trond.myklebust@primarydata.com>2015-11-24 06:03:15 +0300
commit38b7631fbe42e6e247e9fc9879f961b14a687e3b (patch)
treeedcf8b437182b980a936bc11a46a292c31173c7f /block/bounce.c
parentc68a027c05709330fe5b2f50c50d5fa02124b5d8 (diff)
downloadlinux-38b7631fbe42e6e247e9fc9879f961b14a687e3b.tar.xz
nfs4: limit callback decoding to received bytes
A truncated cb_compound request will cause the client to decode null or data from a previous callback for nfs4.1 backchannel case, or uninitialized data for the nfs4.0 case. This is because the path through svc_process_common() advances the request's iov_base and decrements iov_len without adjusting the overall xdr_buf's len field. That causes xdr_init_decode() to set up the xdr_stream with an incorrect length in nfs4_callback_compound(). Fixing this for the nfs4.1 backchannel case first requires setting the correct iov_len and page_len based on the length of received data in the same manner as the nfs4.0 case. Then the request's xdr_buf length can be adjusted for both cases based upon the remaining iov_len and page_len. Signed-off-by: Benjamin Coddington <bcodding@redhat.com> Cc: stable@vger.kernel.org Signed-off-by: Trond Myklebust <trond.myklebust@primarydata.com>
Diffstat (limited to 'block/bounce.c')
0 files changed, 0 insertions, 0 deletions