On Thu, 2024-01-25 at 07:45 -0700, Jorge Mora wrote: > If the XDR buffer is not large enough to fit all attributes > and the remaining bytes left in the XDR buffer (xdrleft) is > equal to the number of bytes for the current attribute, then > the loop will prematurely exit without setting eof to FALSE. > Also in this case, adding the eof flag to the buffer will > make the reply 4 bytes larger than lsxa_maxcount. > > Need to check if there are enough bytes to fit not only the > next attribute name but also the eof as well. > > Fixes: 23e50fe3a5e6 ("nfsd: implement the xattr functions and en/decode logic") > Signed-off-by: Jorge Mora <mora@xxxxxxxxxx> > --- > fs/nfsd/nfs4xdr.c | 3 ++- > 1 file changed, 2 insertions(+), 1 deletion(-) > > diff --git a/fs/nfsd/nfs4xdr.c b/fs/nfsd/nfs4xdr.c > index 17e6404f4296..26993bf368fc 100644 > --- a/fs/nfsd/nfs4xdr.c > +++ b/fs/nfsd/nfs4xdr.c > @@ -5182,7 +5182,8 @@ nfsd4_encode_listxattrs(struct nfsd4_compoundres *resp, __be32 nfserr, > > slen -= XATTR_USER_PREFIX_LEN; > xdrlen = 4 + ((slen + 3) & ~3); > - if (xdrlen > xdrleft) { > + /* Check if both entry and eof can fit in the XDR buffer */ > + if (xdrlen + 4 > xdrleft) { > if (count == 0) { > /* > * Can't even fit the first attribute name. Reviewed-by: Jeff Layton <jlayton@xxxxxxxxxx>
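Review bot: In the `count == 0` branch directly under the changed test, the existing comment "Can't even fit the first attribute name" no longer describes every way of reaching it. With `xdrlen + 4 > xdrleft` the branch is also taken when the first name fits in `xdrleft` but the name plus the 4-byte eof does not, so the comment should say "first attribute name and eof". A smaller style point on the same line: the bare `4` here is the eof flag, while the `4` in `xdrlen = 4 + ((slen + 3) & ~3)` two lines up is the length word of the name; the added comment covers this for now, but a named constant for the eof size would keep the two from being confused in later edits.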