]> err.no Git - linux-2.6/commitdiff
nfsd: make nfs4xdr WRITEMEM safe against zero count
authorBenny Halevy <bhalevy@panasas.com>
Thu, 29 May 2008 09:56:08 +0000 (12:56 +0300)
committerJ. Bruce Fields <bfields@citi.umich.edu>
Mon, 23 Jun 2008 17:02:48 +0000 (13:02 -0400)
WRITEMEM zeroes the last word in the destination buffer
for padding purposes, but this must not be done if
no bytes are to be copied, as it would result
in zeroing of the word right before the array.

The current implementation works since it's always called
with non zero nbytes or it follows an encoding of the
string (or opaque) length which, if equal to zero,
can be overwritten with zero.

Nevertheless, it seems safer to check for this case.

Signed-off-by: Benny Halevy <bhalevy@panasas.com>
Signed-off-by: J. Bruce Fields <bfields@citi.umich.edu>
fs/nfsd/nfs4xdr.c

index c513bbdf2d36a2188d286ae1e32cbb81fab16107..9547ab636274de4f65eafad777696ead86a4ed32 100644 (file)
@@ -1201,7 +1201,7 @@ nfsd4_decode_compound(struct nfsd4_compoundargs *argp)
        *p++ = htonl((u32)((n) >> 32));                         \
        *p++ = htonl((u32)(n));                                 \
 } while (0)
-#define WRITEMEM(ptr,nbytes)     do {                          \
+#define WRITEMEM(ptr,nbytes)     do if (nbytes > 0) {          \
        *(p + XDR_QUADLEN(nbytes) -1) = 0;                      \
        memcpy(p, ptr, nbytes);                                 \
        p += XDR_QUADLEN(nbytes);                               \