On Fri, Oct 17, 2008 at 11:17:47AM -0700, Dean Hildebrand wrote:
> An infinite loop could occur if n > NFS4_FS_LOCATIONS_MAXENTRIES.
>
> Signed-off-by: Dean Hildebrand <dhildeb@xxxxxxxxxx>
> ---
> fs/nfs/nfs4xdr.c | 14 ++++++++++++--
> 1 files changed, 12 insertions(+), 2 deletions(-)
>
> diff --git a/fs/nfs/nfs4xdr.c b/fs/nfs/nfs4xdr.c
> index b916297..5e59481 100644
> --- a/fs/nfs/nfs4xdr.c
> +++ b/fs/nfs/nfs4xdr.c
> @@ -2577,6 +2577,16 @@ static int decode_attr_fs_locations(struct xdr_stream *xdr, uint32_t *bitmap, st
> READ32(n);
> if (n <= 0)
> goto out_eio;
> +
> + if (n > NFS4_FS_LOCATIONS_MAXENTRIES) {
> + dprintk("%s: using first %u of %d fs locations\n",
> + __func__, NFS4_FS_LOCATIONS_MAXENTRIES, n);
> + n = NFS4_FS_LOCATIONS_MAXENTRIES;
> + } else {
> + dprintk("%s: using %d fs locations\n",
> + __func__, n);
> + }
I think the first case is the interesting one, so I'd drop the else
clause.
Looks fine otherwise.
The inner loop has the same problem, I assume.
--b.
> +
> res->nlocations = 0;
> while (res->nlocations < n) {
> u32 m;
> @@ -2614,8 +2624,8 @@ static int decode_attr_fs_locations(struct xdr_stream *xdr, uint32_t *bitmap, st
> status = decode_pathname(xdr, &loc->rootpath);
> if (unlikely(status != 0))
> goto out_eio;
> - if (res->nlocations < NFS4_FS_LOCATIONS_MAXENTRIES)
> - res->nlocations++;
> +
> + res->nlocations++;
> }
> out:
> dprintk("%s: fs_locations done, error = %d\n", __func__, status);
> --
> 1.5.3.3
>
> --
> To unsubscribe from this list: send the line "unsubscribe linux-nfs" in
> the body of a message to majordomo@xxxxxxxxxxxxxxx
> More majordomo info at http://vger.kernel.org/majordomo-info.html
--
To unsubscribe from this list: send the line "unsubscribe linux-nfs" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
