svcrpc: explicitly reject compounds that are not padded out to 4-byte multiple

author Jeff Layton <jlayton@redhat.com>

Mon, 10 Mar 2014 15:34:55 +0000 (11:34 -0400)

committer J. Bruce Fields <bfields@redhat.com>

Thu, 27 Mar 2014 20:31:58 +0000 (16:31 -0400)
author Jeff Layton <jlayton@redhat.com>
Mon, 10 Mar 2014 15:34:55 +0000 (11:34 -0400)
committer J. Bruce Fields <bfields@redhat.com>
Thu, 27 Mar 2014 20:31:58 +0000 (16:31 -0400)
diff --git a/fs/nfsd/nfs4xdr.c b/fs/nfsd/nfs4xdr.c

index aa04a6a..93b50ba 100644 (file)
--- a/fs/nfsd/nfs4xdr.c
+++ b/fs/nfsd/nfs4xdr.c
@@ -1222,7 +1222,6 @@ nfsd4_decode_write(struct nfsd4_compoundargs *argp, struct nfsd4_write *write)
         }
         write->wr_head.iov_base = p;
         write->wr_head.iov_len = avail;
-       WARN_ON(avail != (XDR_QUADLEN(avail) << 2));
         write->wr_pagelist = argp->pagelist;
  
         len = XDR_QUADLEN(write->wr_buflen) << 2;
@@ -3696,6 +3695,12 @@ int nfsd4_release_compoundargs(void *rq, __be32 *p, void *resp)
  int
  nfs4svc_decode_compoundargs(struct svc_rqst *rqstp, __be32 *p, struct nfsd4_compoundargs *args)
  {
+       if (rqstp->rq_arg.head[0].iov_len % 4) {
+               /* client is nuts */
+               dprintk("%s: compound not properly padded! (peeraddr=%pISc xid=0x%x)",
+                       __func__, svc_addr(rqstp), be32_to_cpu(rqstp->rq_xid));
+               return 0;
+       }
         args->p = p;
         args->end = rqstp->rq_arg.head[0].iov_base + rqstp->rq_arg.head[0].iov_len;
         args->pagelist = rqstp->rq_arg.pages;
author	Jeff Layton <jlayton@redhat.com>
	Mon, 10 Mar 2014 15:34:55 +0000 (11:34 -0400)
committer	J. Bruce Fields <bfields@redhat.com>
	Thu, 27 Mar 2014 20:31:58 +0000 (16:31 -0400)