From 065eae6c389ef6d5d1a09d03ec3d1f201aec5424 Mon Sep 17 00:00:00 2001 From: Andrew Morton <akpm@osdl.org> Date: Sat, 17 Apr 2004 03:25:31 -0700 Subject: [PATCH] [PATCH] kNFSdv4: nfsd4_readdir fixes From: NeilBrown <neilb@cse.unsw.edu.au> From: "J. Bruce Fields" <bfields@fieldses.org> Fix out-of-spec errors in nfs4 readdir. Add checks for bad cookie values. (plus compile fix from akpm) --- fs/nfsd/nfs4proc.c | 6 +++++- fs/nfsd/nfs4xdr.c | 2 ++ 2 files changed, 7 insertions(+), 1 deletion(-) diff --git a/fs/nfsd/nfs4proc.c b/fs/nfsd/nfs4proc.c index 439157bbab45..25362ebb80e2 100644 --- a/fs/nfsd/nfs4proc.c +++ b/fs/nfsd/nfs4proc.c @@ -448,6 +448,9 @@ nfsd4_read(struct svc_rqst *rqstp, struct svc_fh *current_fh, struct nfsd4_read static inline int nfsd4_readdir(struct svc_rqst *rqstp, struct svc_fh *current_fh, struct nfsd4_readdir *readdir) { + u64 cookie = readdir->rd_cookie; + static const nfs4_verifier zeroverf; + /* no need to check permission - this will be done in nfsd_readdir() */ if (readdir->rd_bmval[1] & NFSD_WRITEONLY_ATTRS_WORD1) @@ -456,7 +459,8 @@ nfsd4_readdir(struct svc_rqst *rqstp, struct svc_fh *current_fh, struct nfsd4_re readdir->rd_bmval[0] &= NFSD_SUPPORTED_ATTRS_WORD0; readdir->rd_bmval[1] &= NFSD_SUPPORTED_ATTRS_WORD1; - if (readdir->rd_cookie > ~(u32)0) + if ((cookie > ~(u32)0) || (cookie == 1) || (cookie == 2) || + (cookie == 0 && memcmp(readdir->rd_verf.data, zeroverf.data, NFS4_VERIFIER_SIZE))) return nfserr_bad_cookie; readdir->rd_rqstp = rqstp; diff --git a/fs/nfsd/nfs4xdr.c b/fs/nfsd/nfs4xdr.c index e5e6445bc565..ad49241d0b2f 100644 --- a/fs/nfsd/nfs4xdr.c +++ b/fs/nfsd/nfs4xdr.c @@ -2179,6 +2179,8 @@ nfsd4_encode_readdir(struct nfsd4_compoundres *resp, int nfserr, struct nfsd4_re readdir->common.err == nfserr_toosmall && readdir->buffer == page) nfserr = nfserr_toosmall; + if (nfserr == nfserr_symlink) + nfserr = nfserr_notdir; if (nfserr) goto err_no_verf; -- 2.30.9