Hi,
I came across a small bug in the NFS root mount_clnt implementation.
The buffer size in the RPC call structure is not correctly set - worse
is that a rogue pointer (the result size) is entered at the "call count"
spot.
Here is a tiny patch.
- Peter -
--- fs/nfs/mount_clnt.c.orig Tue Nov 2 12:05:36 1999
+++ fs/nfs/mount_clnt.c Tue Nov 2 12:15:00 1999
@@ -23,6 +23,11 @@
# define NFSDBG_FACILITY NFSDBG_ROOT
#endif
+#ifndef MAX
+# define MAX(a, b) (((a) > (b))? (a) : (b))
+#endif
+
+
/*
#define MOUNT_PROGRAM 100005
#define MOUNT_VERSION 1
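Review bot: The added MAX(a, b) macro evaluates each argument twice, and the #ifndef MAX guard means that if another header already defines MAX differently, that definition is silently used instead. Both arguments at the call site are constants, so it works as intended here, but a one-line comment saying the macro is only meant for constant expressions would keep it from being reused with side-effecting arguments. Style: the hunk leaves two consecutive blank lines after the #endif, and "(b))? (a)" is missing the space before the "?".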
@@ -119,7 +124,7 @@
{ "mnt_mount",
(kxdrproc_t) xdr_encode_dirpath,
(kxdrproc_t) xdr_decode_fhstatus,
- MNT_dirpath_sz, MNT_fhstatus_sz },
+ MAX(MNT_dirpath_sz, MNT_fhstatus_sz), 0},
};
static struct rpc_version mnt_version1 = {
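Review bot: The two trailing values in the "mnt_mount" entry are still positional and unlabelled, which is how the result size ended up in the call count slot in the first place. A short comment next to "MAX(MNT_dirpath_sz, MNT_fhstatus_sz), 0" naming the fields (buffer size, then call count, as the description above has it) would make the intent checkable at a glance, and any other procedure tables initialised the same way deserve the same check. Style: "0}" drops the space before the closing brace that the removed line had.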