nfsd: Const-ify NFSv4 encoding and decoding ops arrays
authorChuck Lever <chuck.lever@oracle.com>
Tue, 1 Aug 2017 15:59:58 +0000 (11:59 -0400)
committerJ. Bruce Fields <bfields@redhat.com>
Fri, 25 Aug 2017 02:13:50 +0000 (22:13 -0400)
Close an attack vector by moving the arrays of encoding and decoding
methods to read-only memory.

Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
Signed-off-by: J. Bruce Fields <bfields@redhat.com>
fs/nfsd/nfs4xdr.c

index 18b9c2fad29a7a0bd20fd9e4cf87b157a78d00ca..0c3b935d100f7356c1c21881ef016eabf1b5a774 100644 (file)
@@ -1780,7 +1780,7 @@ nfsd4_decode_notsupp(struct nfsd4_compoundargs *argp, void *p)
 
 typedef __be32(*nfsd4_dec)(struct nfsd4_compoundargs *argp, void *);
 
-static nfsd4_dec nfsd4_dec_ops[] = {
+static const nfsd4_dec nfsd4_dec_ops[] = {
        [OP_ACCESS]             = (nfsd4_dec)nfsd4_decode_access,
        [OP_CLOSE]              = (nfsd4_dec)nfsd4_decode_close,
        [OP_COMMIT]             = (nfsd4_dec)nfsd4_decode_commit,
@@ -4224,7 +4224,7 @@ typedef __be32(* nfsd4_enc)(struct nfsd4_compoundres *, __be32, void *);
  * since we don't need to filter out obsolete ops as this is
  * done in the decoding phase.
  */
-static nfsd4_enc nfsd4_enc_ops[] = {
+static const nfsd4_enc nfsd4_enc_ops[] = {
        [OP_ACCESS]             = (nfsd4_enc)nfsd4_encode_access,
        [OP_CLOSE]              = (nfsd4_enc)nfsd4_encode_close,
        [OP_COMMIT]             = (nfsd4_enc)nfsd4_encode_commit,