The NFSv3 readdirplus path doesn't check to see if maxcount is less
than the size of a page before it fills it up, possibly overwriting
random bits of memory. At least, it makes my Solaris NFSv3 client
work.
The attached patch, against 2.5.58, adds this check in a way which is
consistent with the way readdir does under both NFSv2 andNFSv3.
Thanks,
-Ted
---8<---
diff -Naur linux-2.5.58-orig/fs/nfsd/nfs3xdr.c linux-2.5.58/fs/nfsd/nfs3xdr.c
--- linux-2.5.58-orig/fs/nfsd/nfs3xdr.c 2003-01-10 09:41:52.000000000 +0000
+++ linux-2.5.58/fs/nfsd/nfs3xdr.c 2003-01-14 19:57:03.000000000 +0000
@@ -578,6 +578,9 @@
args->dircount = ntohl(*p++);
args->count = ntohl(*p++);
+ if (args->count > PAGE_SIZE)
+ args->count = PAGE_SIZE;
+
svc_take_page(rqstp);
args->buffer = page_address(rqstp->rq_respages[rqstp->rq_resused-1]);
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
This archive was generated by hypermail 2b29 : Wed Jan 15 2003 - 22:00:52 EST