Re: [PATCH] NFS: change sign of nfs_fh length

On Tue, 2018-10-23 at 08:40 -0700, Matthew Wilcox wrote:
> On Tue, Oct 23, 2018 at 10:34:57AM -0500, Frank Sorenson wrote:
> > 
> > The filehandle has a length which is defined as a 32-bit
> > "unsigned integer".  Change sign of the length appropriately.
> > 
> > Signed-off-by: Frank Sorenson <sorenson@xxxxxxxxxx>
> 
> Is this a cleanup or does it fix a user-visible bug?

It fixes the following comparison:

                if (len > NFS4_FHSIZE)
                        return -EIO;

but in practice, the next line should always catch the buffer overflow
when len is negative:

                p = xdr_inline_decode(xdr, len);
                if (unlikely(!p))
                        goto out_overflow;

That said, it is nice to be redundant, so I'm happy to take the patch.

Frank, in the future can you please Cc: the maintainers directly on
your patches? I missed this one completely because my mail filter
directed it to my 'linux-fsdevel' inbox rather than 'linux-nfs'...

Thanks,
  Trond

-- 
Trond Myklebust
Linux NFS client maintainer, Hammerspace
trond.myklebust@xxxxxxxxxxxxxxx
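
The two checks described in the message above, modeled in user-space C as an added example (not code from the thread or from the kernel): `toy_xdr`, `toy_inline_decode` and `decode_fh` are hypothetical stand-ins, and the reply buffer is constructed. With a wire length of 0xffffffff the signed comparison passes and only the decode bounds check rejects the value, while the unsigned comparison rejects it first.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define NFS4_FHSIZE 128 /* maximum NFSv4 filehandle size in the kernel headers */

/* Hypothetical stand-in for an XDR stream: cursor plus end of buffer. */
struct toy_xdr { const uint8_t *p, *end; };

enum result { FH_OK, FH_EIO, FH_OVERFLOW };

/* Simplified model of xdr_inline_decode(): the byte count is a size_t, so a
 * negative int arrives as a huge value and fails the remaining-space check. */
static const uint8_t *toy_inline_decode(struct toy_xdr *x, size_t nbytes)
{
    const uint8_t *q = x->p;
    if (nbytes > (size_t)(x->end - x->p))
        return NULL;
    x->p += nbytes;
    return q;
}

/* use_signed != 0 models the pre-patch signed length, 0 the unsigned one. */
static enum result decode_fh(int use_signed, uint32_t wire_len)
{
    static const uint8_t reply[256];            /* constructed reply body */
    struct toy_xdr x = { reply, reply + sizeof(reply) };
    size_t nbytes;

    if (use_signed) {
        int len = (int)wire_len;                /* 0xffffffff becomes -1 */
        if (len > NFS4_FHSIZE)                  /* false for negative len */
            return FH_EIO;
        nbytes = (size_t)len;                   /* -1 becomes SIZE_MAX */
    } else {
        unsigned int len = wire_len;
        if (len > NFS4_FHSIZE)                  /* rejects 0xffffffff here */
            return FH_EIO;
        nbytes = len;
    }
    return toy_inline_decode(&x, nbytes) ? FH_OK : FH_OVERFLOW;
}

int main(void)
{
    printf("signed:   %d\n", decode_fh(1, 0xffffffffu));
    printf("unsigned: %d\n", decode_fh(0, 0xffffffffu));
    return 0;
}
```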