Skip to content

Commit b8db159

Browse files
author
J. Bruce Fields
committed
lockd: fix decoding of TEST results
We fail to advance the read pointer when reading the stat.oh field that identifies the lock-holder in a TEST result. This turns out not to matter if the server is knfsd, which always returns a zero-length field. But other servers (Ganesha is an example) may not do this. The result is bad values in fcntl F_GETLK results. Fix this. Signed-off-by: J. Bruce Fields <bfields@redhat.com>
1 parent 0d4d672 commit b8db159

File tree

2 files changed

+12
-32
lines changed

2 files changed

+12
-32
lines changed

fs/lockd/clnt4xdr.c

Lines changed: 6 additions & 16 deletions
Original file line numberDiff line numberDiff line change
@@ -128,24 +128,14 @@ static void encode_netobj(struct xdr_stream *xdr,
128128
static int decode_netobj(struct xdr_stream *xdr,
129129
struct xdr_netobj *obj)
130130
{
131-
u32 length;
132-
__be32 *p;
131+
ssize_t ret;
133132

134-
p = xdr_inline_decode(xdr, 4);
135-
if (unlikely(p == NULL))
136-
goto out_overflow;
137-
length = be32_to_cpup(p++);
138-
if (unlikely(length > XDR_MAX_NETOBJ))
139-
goto out_size;
140-
obj->len = length;
141-
obj->data = (u8 *)p;
133+
ret = xdr_stream_decode_opaque_inline(xdr, (void *)&obj->data,
134+
XDR_MAX_NETOBJ);
135+
if (unlikely(ret < 0))
136+
return -EIO;
137+
obj->len = ret;
142138
return 0;
143-
out_size:
144-
dprintk("NFS: returned netobj was too long: %u\n", length);
145-
return -EIO;
146-
out_overflow:
147-
print_overflow_msg(__func__, xdr);
148-
return -EIO;
149139
}
150140

151141
/*

fs/lockd/clntxdr.c

Lines changed: 6 additions & 16 deletions
Original file line numberDiff line numberDiff line change
@@ -125,24 +125,14 @@ static void encode_netobj(struct xdr_stream *xdr,
125125
static int decode_netobj(struct xdr_stream *xdr,
126126
struct xdr_netobj *obj)
127127
{
128-
u32 length;
129-
__be32 *p;
128+
ssize_t ret;
130129

131-
p = xdr_inline_decode(xdr, 4);
132-
if (unlikely(p == NULL))
133-
goto out_overflow;
134-
length = be32_to_cpup(p++);
135-
if (unlikely(length > XDR_MAX_NETOBJ))
136-
goto out_size;
137-
obj->len = length;
138-
obj->data = (u8 *)p;
130+
ret = xdr_stream_decode_opaque_inline(xdr, (void *)&obj->data,
131+
XDR_MAX_NETOBJ);
132+
if (unlikely(ret < 0))
133+
return -EIO;
134+
obj->len = ret;
139135
return 0;
140-
out_size:
141-
dprintk("NFS: returned netobj was too long: %u\n", length);
142-
return -EIO;
143-
out_overflow:
144-
print_overflow_msg(__func__, xdr);
145-
return -EIO;
146136
}
147137

148138
/*

0 commit comments

Comments
 (0)