Signed-off-by: Chuck Lever <chuck.lever@xxxxxxxxxx>
---
 fs/nfsd/nfs4xdr.c | 20 ++++++++++++--------
 1 file changed, 12 insertions(+), 8 deletions(-)
diff --git a/fs/nfsd/nfs4xdr.c b/fs/nfsd/nfs4xdr.c
index 1f7eb2f67390..12b90251fbf5 100644
--- a/fs/nfsd/nfs4xdr.c
+++ b/fs/nfsd/nfs4xdr.c
@@ -2187,12 +2187,12 @@ nfsd4_vbuf_from_vector(struct nfsd4_compoundargs *argp, struct xdr_buf *xdr,
 static __be32
 nfsd4_decode_xattr_name(struct nfsd4_compoundargs *argp, char **namep)
 {
- DECODE_HEAD;
 char *name, *sp, *dp;
 u32 namelen, cnt;
+ __be32 *p;
- READ_BUF(4);
- namelen = be32_to_cpup(p++);
+ if (xdr_stream_decode_u32(argp->xdr, &namelen) < 0)
+ goto xdr_error;
 if (namelen > (XATTR_NAME_MAX - XATTR_USER_PREFIX_LEN))
 return nfserr_nametoolong;
@@ -2200,12 +2200,12 @@ nfsd4_decode_xattr_name(struct nfsd4_compoundargs *argp, char **namep)
 if (namelen == 0)
 goto xdr_error;
- READ_BUF(namelen);
-
+ p = xdr_inline_decode(argp->xdr, namelen);
+ if (!p)
+ goto xdr_error;
 name = svcxdr_tmpalloc(argp, namelen + XATTR_USER_PREFIX_LEN + 1);
 if (!name)
- return nfserr_jukebox;
-
+ goto nomem;
 memcpy(name, XATTR_USER_PREFIX, XATTR_USER_PREFIX_LEN);
 /*
@@ -2225,7 +2225,11 @@ nfsd4_decode_xattr_name(struct nfsd4_compoundargs *argp, char **namep)
 *namep = name;
- DECODE_TAIL;
+ return nfs_ok;
+xdr_error:
+ return nfserr_bad_xdr;
+nomem:
+ return nfserr_jukebox;
 }
 /*
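Review bot: Nothing in the first hunk records that `namelen`, now filled in by `xdr_stream_decode_u32()` from the client's request, is untrusted and that the range test directly below it is what bounds its later uses. In the second hunk the same value sizes both `xdr_inline_decode(argp->xdr, namelen)` and the `svcxdr_tmpalloc()` request, so the ordering of decode, bound check, zero check and inline decode should be preserved in any later rework. A short comment above the upper-bound test would make that explicit, for example `/* namelen is client-supplied: bound it before it sizes the decode and the allocation */`. The function body continues outside this hunk.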
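Review bot: `goto nomem` in the second hunk is the only visible user of the `nomem:` label added in the last hunk, and that label does nothing except `return nfserr_jukebox;`, so the jump only moves the status code away from the allocation failure it reports. Keeping the original `return nfserr_jukebox;` under the `if (!name)` test and dropping the label would read more directly, and would match the `return nfserr_nametoolong;` that the first hunk leaves as a direct return. `xdr_error` is a weaker case for the same treatment because it has three users in the lines shown, and possibly more in the part of the function this patch does not touch.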