A packet from a mount rpc call doesn't have an NFS error field, so don't
try to access this.
In the case of the MOUNT_UMOUNT procedure the reply package is short
such that accessing the u32 after the rpc_reply structure is already
after the end of the packet. Apart from the access to out-of-packet data
there is no harm because the wrongly read value is unused. But make this
more explicit by only using nfserr if the call was an NFS request.
Fixes: 9ede56ad2476 ("fs: Add NFS support")
Signed-off-by: Uwe Kleine-König <u.kleine-koenig@xxxxxxxxxxxxxx>
---
fs/nfs.c | 5 +++--
1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/fs/nfs.c b/fs/nfs.c
index d7f156687fc9..7695fd42ba13 100644
--- a/fs/nfs.c
+++ b/fs/nfs.c
@@ -382,7 +382,7 @@ static int rpc_check_reply(unsigned char *pkt,
return -EINVAL;
}
- if (rpc_prog == PROG_PORTMAP)
+ if (rpc_prog != PROG_NFS)
return 0;
data = (uint32_t *)(pkt + sizeof(struct rpc_reply));
@@ -459,7 +459,8 @@ again:
ret = rpc_check_reply(nfs_packet, rpc_prog,
npriv->rpc_id, &nfserr);
if (!ret) {
- ret = nfserr;
+ if (rpc_prog == PROG_NFS)
+ ret = nfserr;
break;
}
}
--
2.20.1
_______________________________________________
barebox mailing list
barebox@xxxxxxxxxxxxxxxxxxx
http://lists.infradead.org/mailman/listinfo/barebox
