From aadc19753a18b6a9a9c49ee6763fa6eded2ca900 Mon Sep 17 00:00:00 2001 From: NeilBrown Date: Fri, 11 Jan 2008 17:06:52 -0500 Subject: [PATCH] --- yaml --- r: 75394 b: refs/heads/master c: ba67a39efde8312e386c6f603054f8945433d91f h: refs/heads/master v: v3 --- [refs] | 2 +- trunk/fs/nfsd/nfs3xdr.c | 5 ++++- trunk/fs/nfsd/nfsxdr.c | 5 ++++- 3 files changed, 9 insertions(+), 3 deletions(-) diff --git a/[refs] b/[refs] index ac3e8880d93f..e44924e2b981 100644 --- a/[refs] +++ b/[refs] @@ -1,2 +1,2 @@ --- -refs/heads/master: 84427eaef1fb91704c7112bdb598c810003b99f3 +refs/heads/master: ba67a39efde8312e386c6f603054f8945433d91f diff --git a/trunk/fs/nfsd/nfs3xdr.c b/trunk/fs/nfsd/nfs3xdr.c index 2d116d2298f8..f917fd25858a 100644 --- a/trunk/fs/nfsd/nfs3xdr.c +++ b/trunk/fs/nfsd/nfs3xdr.c @@ -388,8 +388,11 @@ nfs3svc_decode_writeargs(struct svc_rqst *rqstp, __be32 *p, * Round the length of the data which was specified up to * the next multiple of XDR units and then compare that * against the length which was actually received. + * Note that when RPCSEC/GSS (for example) is used, the + * data buffer can be padded so dlen might be larger + * than required. It must never be smaller. */ - if (dlen != XDR_QUADLEN(len)*4) + if (dlen < XDR_QUADLEN(len)*4) return 0; if (args->count > max_blocksize) { diff --git a/trunk/fs/nfsd/nfsxdr.c b/trunk/fs/nfsd/nfsxdr.c index 986f9b32083c..b86e3658a0af 100644 --- a/trunk/fs/nfsd/nfsxdr.c +++ b/trunk/fs/nfsd/nfsxdr.c @@ -313,8 +313,11 @@ nfssvc_decode_writeargs(struct svc_rqst *rqstp, __be32 *p, * Round the length of the data which was specified up to * the next multiple of XDR units and then compare that * against the length which was actually received. + * Note that when RPCSEC/GSS (for example) is used, the + * data buffer can be padded so dlen might be larger + * than required. It must never be smaller. */ - if (dlen != XDR_QUADLEN(len)*4) + if (dlen < XDR_QUADLEN(len)*4) return 0; rqstp->rq_vec[0].iov_base = (void*)p;