NFS: Fix filehandle size comparisons in the mount code
authorTrond Myklebust <Trond.Myklebust@netapp.com>
Thu, 19 Jun 2008 19:21:11 +0000 (15:21 -0400)
committerTrond Myklebust <Trond.Myklebust@netapp.com>
Mon, 23 Jun 2008 21:09:06 +0000 (17:09 -0400)
Fix a sign issue in xdr_decode_fhstatus3()
Fix incorrect comparison in nfs_validate_mount_data()

Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
fs/nfs/mount_clnt.c
fs/nfs/super.c

index 49c7cd0502cc39b9411460ac7b27b6ac367781c2..779d2eb649c57935f8929f02271e48ca03759151 100644 (file)
@@ -130,10 +130,11 @@ static int xdr_decode_fhstatus3(struct rpc_rqst *req, __be32 *p,
                                struct mnt_fhstatus *res)
 {
        struct nfs_fh *fh = res->fh;
+       unsigned size;
 
        if ((res->status = ntohl(*p++)) == 0) {
-               int size = ntohl(*p++);
-               if (size <= NFS3_FHSIZE) {
+               size = ntohl(*p++);
+               if (size <= NFS3_FHSIZE && size != 0) {
                        fh->size = size;
                        memcpy(fh->data, p, size);
                } else
index dac663dc56114a22ad68e60b6264beb0d59f92b7..614efeed5437f95da60a43563130593aa0d02d32 100644 (file)
@@ -1249,13 +1249,13 @@ static int nfs_validate_mount_data(void *options,
        case 5:
                memset(data->context, 0, sizeof(data->context));
        case 6:
-               if (data->flags & NFS_MOUNT_VER3)
+               if (data->flags & NFS_MOUNT_VER3) {
+                       if (data->root.size > NFS3_FHSIZE || data->root.size == 0)
+                               goto out_invalid_fh;
                        mntfh->size = data->root.size;
-               else
+               else
                        mntfh->size = NFS2_FHSIZE;
 
-               if (mntfh->size > sizeof(mntfh->data))
-                       goto out_invalid_fh;
 
                memcpy(mntfh->data, data->root.data, mntfh->size);
                if (mntfh->size < sizeof(mntfh->data))