summaryrefslogtreecommitdiff
path: root/fs/nfsd/nfs4xdr.c
diff options
context:
space:
mode:
authorJ. Bruce Fields <bfields@redhat.com>2014-03-20 21:20:26 -0400
committerJ. Bruce Fields <bfields@redhat.com>2014-05-30 17:32:04 -0400
commit3b299709091befc0e02aa33d55ddd5baef006853 (patch)
tree2d514a4417d20b1a374d8d862ecc787ea0543936 /fs/nfsd/nfs4xdr.c
parent561f0ed498ca4342573a870779cc645d3fd7dfe7 (diff)
downloadlinux-next-3b299709091befc0e02aa33d55ddd5baef006853.tar.gz
nfsd4: enforce rd_dircount
As long as we're here, let's enforce the protocol's limit on the number of directory entries to return in a readdir. I don't think anyone's ever noticed our lack of enforcement, but maybe there's more of a chance they will now that we allow larger readdirs. Signed-off-by: J. Bruce Fields <bfields@redhat.com>
Diffstat (limited to 'fs/nfsd/nfs4xdr.c')
-rw-r--r--fs/nfsd/nfs4xdr.c5
1 files changed, 4 insertions, 1 deletions
diff --git a/fs/nfsd/nfs4xdr.c b/fs/nfsd/nfs4xdr.c
index 4d79e5366a82..3f2a52ccb9d1 100644
--- a/fs/nfsd/nfs4xdr.c
+++ b/fs/nfsd/nfs4xdr.c
@@ -1033,7 +1033,7 @@ nfsd4_decode_readdir(struct nfsd4_compoundargs *argp, struct nfsd4_readdir *read
READ_BUF(24);
READ64(readdir->rd_cookie);
COPYMEM(readdir->rd_verf.data, sizeof(readdir->rd_verf.data));
- READ32(readdir->rd_dircount); /* just in case you needed a useless field... */
+ READ32(readdir->rd_dircount);
READ32(readdir->rd_maxcount);
if ((status = nfsd4_decode_bitmap(argp, readdir->rd_bmval)))
goto out;
@@ -2720,6 +2720,9 @@ nfsd4_encode_dirent(void *ccdv, const char *name, int namlen,
if (entry_bytes > cd->rd_maxcount)
goto fail;
cd->rd_maxcount -= entry_bytes;
+ if (!cd->rd_dircount)
+ goto fail;
+ cd->rd_dircount--;
cd->cookie_offset = cookie_offset;
skip_entry:
cd->common.err = nfs_ok;