diff options
| author | Guannan Wang <wgnbuaa@gmail.com> | 2026-05-21 11:03:32 +0300 |
|---|---|---|
| committer | Chuck Lever <cel@kernel.org> | 2026-06-09 23:32:59 +0300 |
| commit | 9e18e83b8846a5c3fe13fc8a464b4865d33996c6 (patch) | |
| tree | aeab4189160ff5939cd8195fc434d919bfc08a40 /include/linux/timerqueue.h | |
| parent | 18d216788bef06332ff8901670ecf1ed8f6eb614 (diff) | |
| download | linux-9e18e83b8846a5c3fe13fc8a464b4865d33996c6.tar.xz | |
NFSD: Fix SECINFO_NO_NAME decode error cleanup
nfsd4_decode_secinfo_no_name() currently initializes sin_exp after
decoding sin_style. If the XDR stream is truncated, the decoder returns
nfserr_bad_xdr before sin_exp is initialized.
Since commit 3fdc54646234 ("NFSD: Reduce amount of struct
nfsd4_compoundargs that needs clearing"), the inline iops array is not
cleared between RPC calls. A failed SECINFO_NO_NAME decode can therefore
leave sin_exp holding stale union contents from a previous operation.
The error response path still invokes nfsd4_secinfo_no_name_release(),
which calls exp_put() on a non-NULL sin_exp.
Initialize sin_exp before the first failable decode step, matching
nfsd4_decode_secinfo().
Fixes: 3fdc54646234 ("NFSD: Reduce amount of struct nfsd4_compoundargs that needs clearing")
Cc: stable@vger.kernel.org
Signed-off-by: Guannan Wang <wgnbuaa@gmail.com>
Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
Diffstat (limited to 'include/linux/timerqueue.h')
0 files changed, 0 insertions, 0 deletions