Re: NFS & long symlinks = stack overflow

From: Trond Myklebust
Date: Sat May 15 2004 - 12:39:01 EST

Next message: Colin: "ASUS P4P800 Deluxe motherboard and 1016 BIOS"
Previous message: Linus Torvalds: "Re: [linux-usb-devel] [BK PATCH] USB changes for 2.6.6"
In reply to: viro: "Re: NFS & long symlinks = stack overflow"
Next in thread: Oleg Drokin: "Re: NFS & long symlinks = stack overflow"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Sat, 2004-05-15 at 10:53, viro@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
wrote:

> Lovely... How are other clients dealing with that? Put a reasonable
> limit on the size and return an error if READLINK brings more than that?

Yes. The following patch (backported from the NFSv4 code) should do the
right thing...

Cheers,
Trond

--- linux-2.6.6-rc3/fs/nfs/nfs3xdr.c.orig 2004-05-09 01:31:17.000000000 -0400
+++ linux-2.6.6-rc3/fs/nfs/nfs3xdr.c 2004-05-15 13:35:06.000000000 -0400
@@ -742,8 +742,11 @@ nfs3_xdr_readlinkres(struct rpc_rqst *re
strlen = (u32*)kmap_atomic(rcvbuf->pages[0], KM_USER0);
/* Convert length of symlink */
len = ntohl(*strlen);
- if (len > rcvbuf->page_len)
- len = rcvbuf->page_len;
+ if (len > PAGE_CACHE_SIZE - 5) {
+ printk(KERN_WARNING "nfs: server returned giant symlink!\n");
+ kunmap_atomic(strlen, KM_USER0);
+ return -EIO;
+ }
*strlen = len;
/* NULL terminate the string we got */
string = (char *)(strlen + 1);

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Colin: "ASUS P4P800 Deluxe motherboard and 1016 BIOS"
Previous message: Linus Torvalds: "Re: [linux-usb-devel] [BK PATCH] USB changes for 2.6.6"
In reply to: viro: "Re: NFS & long symlinks = stack overflow"
Next in thread: Oleg Drokin: "Re: NFS & long symlinks = stack overflow"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]