xdr_argsize_check needs to cope with the possibility that the
pointer has wrapped and could be below buf->base.
Signed-off-by: Neil Brown <[email protected]>
### Diffstat output
./fs/nfsd/nfs3xdr.c | 2 +-
./include/linux/nfsd/xdr3.h | 2 +-
2 files changed, 2 insertions(+), 2 deletions(-)
diff ./fs/nfsd/nfs3xdr.c~current~ ./fs/nfsd/nfs3xdr.c
--- ./fs/nfsd/nfs3xdr.c~current~ 2004-08-14 13:21:52.000000000 +1000
+++ ./fs/nfsd/nfs3xdr.c 2004-08-14 13:23:06.000000000 +1000
@@ -273,7 +273,7 @@ xdr_argsize_check(struct svc_rqst *rqstp
{
struct svc_buf *buf = &rqstp->rq_argbuf;
- return p - buf->base <= buf->buflen;
+ return p >= buf->base && p <= buf->base + buf->buflen ;
}
static inline int
diff ./include/linux/nfsd/xdr3.h~current~ ./include/linux/nfsd/xdr3.h
--- ./include/linux/nfsd/xdr3.h~current~ 2004-08-14 13:17:07.000000000 +1000
+++ ./include/linux/nfsd/xdr3.h 2004-08-16 09:48:43.000000000 +1000
@@ -41,7 +41,7 @@ struct nfsd3_writeargs {
__u32 count;
int stable;
__u8 * data;
- int len;
+ __u32 len;
};
struct nfsd3_createargs {
-------------------------------------------------------
SF.Net email is sponsored by Shop4tech.com-Lowest price on Blank Media
100pk Sonic DVD-R 4x for only $29 -100pk Sonic DVD+R for only $33
Save 50% off Retail on Ink & Toner - Free Shipping and Free Gift.
http://www.shop4tech.com/z/Inkjet_Cartridges/9_108_r285
_______________________________________________
NFS maillist - [email protected]
https://lists.sourceforge.net/lists/listinfo/nfs
Hi all,
what happened to this patch? It never seems to have made it
upstream.
Olaf
On Mon, Aug 16, 2004 at 01:58:43PM +1000, NeilBrown wrote:
>
> xdr_argsize_check needs to cope with the possibility that the
> pointer has wrapped and could be below buf->base.
>
> Signed-off-by: Neil Brown <[email protected]>
>
> ### Diffstat output
> ./fs/nfsd/nfs3xdr.c | 2 +-
> ./include/linux/nfsd/xdr3.h | 2 +-
> 2 files changed, 2 insertions(+), 2 deletions(-)
>
> diff ./fs/nfsd/nfs3xdr.c~current~ ./fs/nfsd/nfs3xdr.c
> --- ./fs/nfsd/nfs3xdr.c~current~ 2004-08-14 13:21:52.000000000 +1000
> +++ ./fs/nfsd/nfs3xdr.c 2004-08-14 13:23:06.000000000 +1000
> @@ -273,7 +273,7 @@ xdr_argsize_check(struct svc_rqst *rqstp
> {
> struct svc_buf *buf = &rqstp->rq_argbuf;
>
> - return p - buf->base <= buf->buflen;
> + return p >= buf->base && p <= buf->base + buf->buflen ;
> }
>
> static inline int
>
> diff ./include/linux/nfsd/xdr3.h~current~ ./include/linux/nfsd/xdr3.h
> --- ./include/linux/nfsd/xdr3.h~current~ 2004-08-14 13:17:07.000000000 +1000
> +++ ./include/linux/nfsd/xdr3.h 2004-08-16 09:48:43.000000000 +1000
> @@ -41,7 +41,7 @@ struct nfsd3_writeargs {
> __u32 count;
> int stable;
> __u8 * data;
> - int len;
> + __u32 len;
> };
>
> struct nfsd3_createargs {
>
>
> -------------------------------------------------------
> SF.Net email is sponsored by Shop4tech.com-Lowest price on Blank Media
> 100pk Sonic DVD-R 4x for only $29 -100pk Sonic DVD+R for only $33
> Save 50% off Retail on Ink & Toner - Free Shipping and Free Gift.
> http://www.shop4tech.com/z/Inkjet_Cartridges/9_108_r285
> _______________________________________________
> NFS maillist - [email protected]
> https://lists.sourceforge.net/lists/listinfo/nfs
--
Olaf Kirch | --- o --- Nous sommes du soleil we love when we play
[email protected] | / | \ sol.dhoop.naytheet.ah kin.ir.samse.qurax
-------------------------------------------------------
This SF.Net email is sponsored by the 'Do More With Dual!' webinar happening
July 14 at 8am PDT/11am EDT. We invite you to explore the latest in dual
core and dual graphics technology at this free one hour event hosted by HP,
AMD, and NVIDIA. To register visit http://www.hp.com/go/dualwebinar
_______________________________________________
NFS maillist - [email protected]
https://lists.sourceforge.net/lists/listinfo/nfs
Hi Olaf,
On Mon, Jul 11, 2005 at 11:50:16AM +0200, Olaf Kirch wrote:
> Hi all,
>
> what happened to this patch? It never seems to have made it
> upstream.
I think it did, long ago:
nfs3xdr.c 1.10 CSets 11 months neilb Fixed possibly xdr parsing error if write size exceed 2^31
>
> Olaf
>
> On Mon, Aug 16, 2004 at 01:58:43PM +1000, NeilBrown wrote:
> >
> > xdr_argsize_check needs to cope with the possibility that the
> > pointer has wrapped and could be below buf->base.
> >
> > Signed-off-by: Neil Brown <[email protected]>
> >
> > ### Diffstat output
> > ./fs/nfsd/nfs3xdr.c | 2 +-
> > ./include/linux/nfsd/xdr3.h | 2 +-
> > 2 files changed, 2 insertions(+), 2 deletions(-)
> >
> > diff ./fs/nfsd/nfs3xdr.c~current~ ./fs/nfsd/nfs3xdr.c
> > --- ./fs/nfsd/nfs3xdr.c~current~ 2004-08-14 13:21:52.000000000 +1000
> > +++ ./fs/nfsd/nfs3xdr.c 2004-08-14 13:23:06.000000000 +1000
> > @@ -273,7 +273,7 @@ xdr_argsize_check(struct svc_rqst *rqstp
> > {
> > struct svc_buf *buf = &rqstp->rq_argbuf;
> >
> > - return p - buf->base <= buf->buflen;
> > + return p >= buf->base && p <= buf->base + buf->buflen ;
> > }
> >
> > static inline int
> >
> > diff ./include/linux/nfsd/xdr3.h~current~ ./include/linux/nfsd/xdr3.h
> > --- ./include/linux/nfsd/xdr3.h~current~ 2004-08-14 13:17:07.000000000 +1000
> > +++ ./include/linux/nfsd/xdr3.h 2004-08-16 09:48:43.000000000 +1000
> > @@ -41,7 +41,7 @@ struct nfsd3_writeargs {
> > __u32 count;
> > int stable;
> > __u8 * data;
> > - int len;
> > + __u32 len;
> > };
> >
> > struct nfsd3_createargs {
-------------------------------------------------------
SF.Net email is sponsored by: Discover Easy Linux Migration Strategies
from IBM. Find simple to follow Roadmaps, straightforward articles,
informative Webcasts and more! Get everything you need to get up to
speed, fast. http://ads.osdn.com/?ad_id=7477&alloc_id=16492&op=click
_______________________________________________
NFS maillist - [email protected]
https://lists.sourceforge.net/lists/listinfo/nfs