On 12/02/13 18:03, J. Bruce Fields wrote: >> +static int decode_attr_security_label(struct xdr_stream *xdr, uint32_t *bitmap, >> > + struct nfs4_label *label) >> > +{ >> > + uint32_t pi = 0; >> > + uint32_t lfs = 0; >> > + __u32 len; >> > + __be32 *p; >> > + int status = 0; >> > + >> > + if (unlikely(bitmap[2] & (FATTR4_WORD2_SECURITY_LABEL - 1U))) >> > + return -EIO; >> > + if (likely(bitmap[2] & FATTR4_WORD2_SECURITY_LABEL)) { >> > + p = xdr_inline_decode(xdr, 4); >> > + if (unlikely(!p)) >> > + goto out_overflow; >> > + lfs = be32_to_cpup(p++); >> > + p = xdr_inline_decode(xdr, 4); >> > + if (unlikely(!p)) >> > + goto out_overflow; >> > + pi = be32_to_cpup(p++); >> > + p = xdr_inline_decode(xdr, 4); >> > + if (unlikely(!p)) >> > + goto out_overflow; >> > + len = be32_to_cpup(p++); >> > + p = xdr_inline_decode(xdr, len); >> > + if (unlikely(!p)) >> > + goto out_overflow; >> > + if (len < XDR_MAX_NETOBJ) { >> > + if (label) { >> > + nfs4_label_init(label); >> > + if (label->len < len) { > If I remember the earlier patch right, nfs4_label_init() just set > label->len to NFS4_MAXLABELLEN. Good good catch... XDR_MAX_NETOBJ should be NFS4_MAXLABELLEN. > > Doesn't that overwrite the length that was passed into > nfs4_get_security_label? Yes... the len will be set to the actual size of the label which will be less than NFS4_MAXLABELLEN. So I'm thinking this overwrite of the is fine. This is the reason nfs4_label_init() resets len to NFS4_MAXLABELLEN steved. -- To unsubscribe from this list: send the line "unsubscribe linux-nfs" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html