diff options
author | Chuck Lever <chuck.lever@oracle.com> | 2009-08-09 15:09:42 -0400 |
---|---|---|
committer | Trond Myklebust <Trond.Myklebust@netapp.com> | 2009-08-09 15:09:42 -0400 |
commit | 7ed0ff983c8ad30bf4e2b9fdbb299a3e3ec08d08 (patch) | |
tree | e93eedc32104cf0b6f26b5b8a1fbd61b33df5df8 | |
parent | 0d36c4f7574d5a33bedd8f0e3c793490d45d83c6 (diff) | |
download | op-kernel-dev-7ed0ff983c8ad30bf4e2b9fdbb299a3e3ec08d08.zip op-kernel-dev-7ed0ff983c8ad30bf4e2b9fdbb299a3e3ec08d08.tar.gz |
SUNRPC: Introduce xdr_stream-based decoders for RPCB_UNSET
Replace the open-coded decode logic for rpcbind UNSET results with an
xdr_stream-based implementation, similar to what NFSv4 uses, to
protect against buffer overflows.
The new function is unused for the moment.
Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
-rw-r--r-- | net/sunrpc/rpcb_clnt.c | 22 |
1 files changed, 22 insertions, 0 deletions
diff --git a/net/sunrpc/rpcb_clnt.c b/net/sunrpc/rpcb_clnt.c index e0d7b31..fe183af 100644 --- a/net/sunrpc/rpcb_clnt.c +++ b/net/sunrpc/rpcb_clnt.c @@ -736,6 +736,28 @@ static int rpcb_decode_set(struct rpc_rqst *req, __be32 *p, return 0; } +static int rpcb_dec_set(struct rpc_rqst *req, __be32 *p, + unsigned int *boolp) +{ + struct rpc_task *task = req->rq_task; + struct xdr_stream xdr; + + xdr_init_decode(&xdr, &req->rq_rcv_buf, p); + + p = xdr_inline_decode(&xdr, sizeof(__be32)); + if (unlikely(p == NULL)) + return -EIO; + + *boolp = 0; + if (*p) + *boolp = 1; + + dprintk("RPC: %5u RPCB_%s call %s\n", + task->tk_pid, task->tk_msg.rpc_proc->p_name, + (*boolp ? "succeeded" : "failed")); + return 0; +} + static int encode_rpcb_string(struct xdr_stream *xdr, const char *string, const u32 maxstrlen) { |