2012-12-07 21:17:31

by Anna Schumaker

Subject: [PATCH 1/2] NFSD: Pass correct buffer size to rpc_ntop

From: Bryan Schumaker <[email protected]>

I honestly have no idea where I got 129 from, but it's a much bigger
value than the actual buffer size (INET6_ADDRSTRLEN).

Signed-off-by: Bryan Schumaker <[email protected]>
---
fs/nfsd/fault_inject.c | 2 +-
fs/nfsd/nfs4state.c | 4 ++--
2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/fs/nfsd/fault_inject.c b/fs/nfsd/fault_inject.c
index 96ffdf5..7a7b079 100644
--- a/fs/nfsd/fault_inject.c
+++ b/fs/nfsd/fault_inject.c
@@ -79,7 +79,7 @@ static void nfsd_inject_set_client(struct nfsd_fault_inject_op *op,
clp = nfsd_find_client(addr, addr_size);
if (clp) {
count = op->forget(clp, 0);
- rpc_ntop((struct sockaddr *)&clp->cl_addr, buf, 129);
+ rpc_ntop((struct sockaddr *)&clp->cl_addr, buf, sizeof(buf));
printk(KERN_INFO "NFSD [%s]: Client %s had %llu state object(s)\n", op->file, buf, count);
}
nfs4_unlock_state();
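Review bot: sizeof(buf) in the rpc_ntop() call in nfsd_inject_set_client() is the buffer length only if buf is an array declared in this function, and that declaration falls outside this hunk's context. Please confirm it is declared like the `char buf[INET6_ADDRSTRLEN];` arrays in the nfs4state.c hunks; if buf were a pointer, sizeof would pass the pointer size instead of the buffer length.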
diff --git a/fs/nfsd/nfs4state.c b/fs/nfsd/nfs4state.c
index eff7340..ce94174 100644
--- a/fs/nfsd/nfs4state.c
+++ b/fs/nfsd/nfs4state.c
@@ -4614,7 +4614,7 @@ u64 nfsd_forget_client(struct nfs4_client *clp, u64 max)
u64 nfsd_print_client(struct nfs4_client *clp, u64 num)
{
char buf[INET6_ADDRSTRLEN];
- rpc_ntop((struct sockaddr *)&clp->cl_addr, buf, 129);
+ rpc_ntop((struct sockaddr *)&clp->cl_addr, buf, sizeof(buf));
printk(KERN_INFO "NFS Client: %s\n", buf);
return 1;
}
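Review bot: in nfsd_print_client() the return value of rpc_ntop() is ignored, and buf, an uninitialized stack array, goes straight to printk with %s. If the conversion fails or the result does not fit in the now correctly stated INET6_ADDRSTRLEN bytes, the log line could read stale stack contents, so either check the return value before printing or set buf[0] = '\0' before the call.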
@@ -4623,7 +4623,7 @@ static void nfsd_print_count(struct nfs4_client *clp, unsigned int count,
const char *type)
{
char buf[INET6_ADDRSTRLEN];
- rpc_ntop((struct sockaddr *)&clp->cl_addr, buf, 129);
+ rpc_ntop((struct sockaddr *)&clp->cl_addr, buf, sizeof(buf));
printk(KERN_INFO "NFS Client: %s has %u %s\n", buf, count, type);
}
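Review bot: nfsd_print_count() repeats the same declare-buffer, rpc_ntop(), printk sequence as nfsd_print_client() just above it, which is how the same stray 129 ended up in both functions. A small shared helper that takes the client and the output array would keep the buffer and the length passed to rpc_ntop() in one place, so a future size change cannot drift between the call sites.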

--
1.8.0.1



2012-12-07 21:17:32

by Anna Schumaker

Subject: [PATCH 2/2] NFSD: Correct the size calculation in fault_inject_write

From: Bryan Schumaker <[email protected]>

If len == 0 we end up with size = (0 - 1), which could cause bad things
to happen in copy_from_user().

Signed-off-by: Bryan Schumaker <[email protected]>
---
fs/nfsd/fault_inject.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/fs/nfsd/fault_inject.c b/fs/nfsd/fault_inject.c
index 7a7b079..e761ee9 100644
--- a/fs/nfsd/fault_inject.c
+++ b/fs/nfsd/fault_inject.c
@@ -122,7 +122,7 @@ static ssize_t fault_inject_write(struct file *file, const char __user *buf,
size_t len, loff_t *ppos)
{
char write_buf[INET6_ADDRSTRLEN];
- size_t size = min(sizeof(write_buf), len) - 1;
+ size_t size = min(sizeof(write_buf) - 1, len);
struct net *net = current->nsproxy->net_ns;
struct sockaddr_storage sa;
u64 val;
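Review bot: with the new expression a zero-length write gives size == 0 in fault_inject_write(), and the code that consumes size is outside this hunk. Please make sure the rest of the function copes with an empty write_buf (or returns early when len is 0) and that write_buf[size] is NUL-terminated before it is parsed. The changelog could also state the old failure precisely: size is a size_t, so `min(sizeof(write_buf), len) - 1` with len == 0 wraps to the maximum size_t value rather than going negative, and that is the length copy_from_user() would have been given.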
--
1.8.0.1


2012-12-10 23:08:14

by J. Bruce Fields

Subject: Re: [PATCH 1/2] NFSD: Pass correct buffer size to rpc_ntop

On Fri, Dec 07, 2012 at 06:44:20PM -0500, Jim Rees wrote:
> [email protected] wrote:
>
> From: Bryan Schumaker <[email protected]>
>
> I honestly have no idea where I got 129 from, but it's a much bigger
> value than the actual buffer size (INET6_ADDRSTRLEN).
>
> 128 for the number of bits in an ip6 address, plus one more for the null
> terminator bit?
>
> (yes, I'm joking, for those of you with no sense of humor)

Hm.

Anyway, applying....

--b.

2012-12-07 23:44:29

by Jim Rees

Subject: Re: [PATCH 1/2] NFSD: Pass correct buffer size to rpc_ntop

[email protected] wrote:

> From: Bryan Schumaker <[email protected]>
>
> I honestly have no idea where I got 129 from, but it's a much bigger
> value than the actual buffer size (INET6_ADDRSTRLEN).

128 for the number of bits in an ip6 address, plus one more for the null
terminator bit?

(yes, I'm joking, for those of you with no sense of humor)