On Sat, Feb 16, 2013 at 03:35:26PM -0500, Steve Dickson wrote: > On 12/02/13 18:03, J. Bruce Fields wrote: > >> +static int decode_attr_security_label(struct xdr_stream *xdr, uint32_t *bitmap, > >> > + struct nfs4_label *label) > >> > +{ > >> > + uint32_t pi = 0; > >> > + uint32_t lfs = 0; > >> > + __u32 len; > >> > + __be32 *p; > >> > + int status = 0; > >> > + > >> > + if (unlikely(bitmap[2] & (FATTR4_WORD2_SECURITY_LABEL - 1U))) > >> > + return -EIO; > >> > + if (likely(bitmap[2] & FATTR4_WORD2_SECURITY_LABEL)) { > >> > + p = xdr_inline_decode(xdr, 4); > >> > + if (unlikely(!p)) > >> > + goto out_overflow; > >> > + lfs = be32_to_cpup(p++); > >> > + p = xdr_inline_decode(xdr, 4); > >> > + if (unlikely(!p)) > >> > + goto out_overflow; > >> > + pi = be32_to_cpup(p++); > >> > + p = xdr_inline_decode(xdr, 4); > >> > + if (unlikely(!p)) > >> > + goto out_overflow; > >> > + len = be32_to_cpup(p++); > >> > + p = xdr_inline_decode(xdr, len); > >> > + if (unlikely(!p)) > >> > + goto out_overflow; > >> > + if (len < XDR_MAX_NETOBJ) { > >> > + if (label) { > >> > + nfs4_label_init(label); > >> > + if (label->len < len) { > > If I remember the earlier patch right, nfs4_label_init() just set > > label->len to NFS4_MAXLABELLEN. > Good good catch... XDR_MAX_NETOBJ should be NFS4_MAXLABELLEN. > > > > > Doesn't that overwrite the length that was passed into > > nfs4_get_security_label? > Yes... the len will be set to the actual size of the label which > will be less than NFS4_MAXLABELLEN. So I'm thinking this overwrite > of the is fine. > > This is the reason nfs4_label_init() resets len to NFS4_MAXLABELLEN OK, but then if (label->len < len) is equivalent to if (NFS4_MAXLABELLEN < len) Why are we checking len twice? You may want to just remove nfs4_label_init() entirely. This is the only caller, and it doesn't seem very useful. --b. -- To unsubscribe from this list: send the line "unsubscribe linux-fsdevel" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html