From f796f8b3ae292abb9cb2931e8db6fc1d69bba09d Mon Sep 17 00:00:00 2001 From: Chuck Lever Date: Tue, 14 Dec 2010 14:55:10 +0000 Subject: NFS: Introduce new-style XDR decoding functions for NFSv2 We'd like to prevent local buffer overflows caused by malicious or broken servers. New xdr_stream style decoders can do that. For efficiency, we also eventually want to be able to pass xdr_streams from call_decode() to all XDR decoding functions, rather than building an xdr_stream in every XDR decoding function in the kernel. nfs_decode_dirent() is renamed to follow the naming convention of the other two dirent decoders. Static helper functions are left without the "inline" directive. This allows the compiler to choose automatically how to optimize these for size or speed. Signed-off-by: Chuck Lever Tested-by: J. Bruce Fields Signed-off-by: Trond Myklebust --- fs/nfs/proc.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'fs/nfs/proc.c') diff --git a/fs/nfs/proc.c b/fs/nfs/proc.c index 58e7f84fc1fd..00df60523aac 100644 --- a/fs/nfs/proc.c +++ b/fs/nfs/proc.c @@ -731,7 +731,7 @@ const struct nfs_rpc_ops nfs_v2_clientops = { .statfs = nfs_proc_statfs, .fsinfo = nfs_proc_fsinfo, .pathconf = nfs_proc_pathconf, - .decode_dirent = nfs_decode_dirent, + .decode_dirent = nfs2_decode_dirent, .read_setup = nfs_proc_read_setup, .read_done = nfs_read_done, .write_setup = nfs_proc_write_setup, -- cgit v1.2.3 From 878215feb8b2417c4700090b4335739858cf7b5a Mon Sep 17 00:00:00 2001 From: Jesper Juhl Date: Fri, 24 Dec 2010 22:22:37 +0000 Subject: NFS: Don't leak in nfs_proc_symlink() Hi, In fs/nfs/proc.c::nfs_proc_symlink() we will leak memory if either nfs_alloc_fhandle() or nfs_alloc_fattr() returns NULL but the other one doesn't. This patch ensures memory allocated by one when the other fails is always released (this is safe since nfs_free_fattr() and nfs_free_fhandle() both call kfree which deals gracefully with NULL pointers). Signed-off-by: Jesper Juhl Signed-off-by: Trond Myklebust --- fs/nfs/proc.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) (limited to 'fs/nfs/proc.c') diff --git a/fs/nfs/proc.c b/fs/nfs/proc.c index 00df60523aac..77d5e21c4ad6 100644 --- a/fs/nfs/proc.c +++ b/fs/nfs/proc.c @@ -458,7 +458,7 @@ nfs_proc_symlink(struct inode *dir, struct dentry *dentry, struct page *page, fattr = nfs_alloc_fattr(); status = -ENOMEM; if (fh == NULL || fattr == NULL) - goto out; + goto out_free; status = rpc_call_sync(NFS_CLIENT(dir), &msg, 0); nfs_mark_for_revalidate(dir); @@ -471,6 +471,7 @@ nfs_proc_symlink(struct inode *dir, struct dentry *dentry, struct page *page, if (status == 0) status = nfs_instantiate(dentry, fh, fattr); +out_free: nfs_free_fattr(fattr); nfs_free_fhandle(fh); out: -- cgit v1.2.3