An infinite loop could occur if n > NFS4_FS_LOCATIONS_MAXENTRIES.
Signed-off-by: Dean Hildebrand <dhildeb@xxxxxxxxxx>
---
 fs/nfs/nfs4xdr.c | 14 ++++++++++++--
 1 files changed, 12 insertions(+), 2 deletions(-)
diff --git a/fs/nfs/nfs4xdr.c b/fs/nfs/nfs4xdr.c
index b916297..5e59481 100644
--- a/fs/nfs/nfs4xdr.c
+++ b/fs/nfs/nfs4xdr.c
@@ -2577,6 +2577,16 @@ static int decode_attr_fs_locations(struct xdr_stream *xdr, uint32_t *bitmap, st
 READ32(n);
 if (n <= 0)
 goto out_eio;
+
+ if (n > NFS4_FS_LOCATIONS_MAXENTRIES) {
+ dprintk("%s: using first %u of %d fs locations\n",
+ __func__, NFS4_FS_LOCATIONS_MAXENTRIES, n);
+ n = NFS4_FS_LOCATIONS_MAXENTRIES;
+ } else {
+ dprintk("%s: using %d fs locations\n",
+ __func__, n);
+ }
+
 res->nlocations = 0;
 while (res->nlocations < n) {
 u32 m;
@@ -2614,8 +2624,8 @@ static int decode_attr_fs_locations(struct xdr_stream *xdr, uint32_t *bitmap, st
 status = decode_pathname(xdr, &loc->rootpath);
 if (unlikely(status != 0))
 goto out_eio;
- if (res->nlocations < NFS4_FS_LOCATIONS_MAXENTRIES)
- res->nlocations++;
+
+ res->nlocations++;
 }
 out:
 dprintk("%s: fs_locations done, error = %d\n", __func__, status);
--
1.5.3.3
--
To unsubscribe from this list: send the line "unsubscribe linux-nfs" in the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
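Review bot: The clamp `n = NFS4_FS_LOCATIONS_MAXENTRIES;` in the first hunk ends the loop early, but nothing visible in either hunk reads past the surplus entries the server sent, so the xdr stream is presumably left positioned inside this attribute when the function returns. If anything else is decoded from the same stream afterwards it would start at the wrong offset; consider decoding and discarding the remaining entries, or failing through `out_eio` when the count exceeds the limit. At minimum a comment above the check would record the intent, e.g. `/* n is server-supplied; cap it so res->nlocations never exceeds NFS4_FS_LOCATIONS_MAXENTRIES */`. The second hunk's now-unconditional `res->nlocations++` relies entirely on this clamp for its bound, so the two changes must stay together. The body of decode_attr_fs_locations starts and ends outside both hunks, so the array indexing and the declaration of `n` (printed with `%d`) are not visible here.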