Commit 261758b5 authored by Chuck Lever's avatar Chuck Lever Committed by J. Bruce Fields

NFSD: Stricter buffer size checking in write_versions()

While it's not likely today that there are enough NFS versions to
overflow the output buffer in write_versions(), we should be more
careful about detecting the end of the buffer.

The number of NFS versions will only increase as NFSv4 minor versions
are added.

Note that this API doesn't behave the same as portlist.  Here we
attempt to display as many versions as will fit in the buffer, and do
not provide any indication that an overflow would have occurred.  I
don't have any good rationale for that.
Signed-off-by: default avatarChuck Lever <chuck.lever@oracle.com>
Signed-off-by: default avatarJ. Bruce Fields <bfields@citi.umich.edu>
parent 3d72ab8f
...@@ -793,7 +793,7 @@ static ssize_t __write_versions(struct file *file, char *buf, size_t size) ...@@ -793,7 +793,7 @@ static ssize_t __write_versions(struct file *file, char *buf, size_t size)
{ {
char *mesg = buf; char *mesg = buf;
char *vers, *minorp, sign; char *vers, *minorp, sign;
int len, num; int len, num, remaining;
unsigned minor; unsigned minor;
ssize_t tlen = 0; ssize_t tlen = 0;
char *sep; char *sep;
...@@ -840,32 +840,50 @@ static ssize_t __write_versions(struct file *file, char *buf, size_t size) ...@@ -840,32 +840,50 @@ static ssize_t __write_versions(struct file *file, char *buf, size_t size)
} }
next: next:
vers += len + 1; vers += len + 1;
tlen += len;
} while ((len = qword_get(&mesg, vers, size)) > 0); } while ((len = qword_get(&mesg, vers, size)) > 0);
/* If all get turned off, turn them back on, as /* If all get turned off, turn them back on, as
* having no versions is BAD * having no versions is BAD
*/ */
nfsd_reset_versions(); nfsd_reset_versions();
} }
/* Now write current state into reply buffer */ /* Now write current state into reply buffer */
len = 0; len = 0;
sep = ""; sep = "";
remaining = SIMPLE_TRANSACTION_LIMIT;
for (num=2 ; num <= 4 ; num++) for (num=2 ; num <= 4 ; num++)
if (nfsd_vers(num, NFSD_AVAIL)) { if (nfsd_vers(num, NFSD_AVAIL)) {
len += sprintf(buf+len, "%s%c%d", sep, len = snprintf(buf, remaining, "%s%c%d", sep,
nfsd_vers(num, NFSD_TEST)?'+':'-', nfsd_vers(num, NFSD_TEST)?'+':'-',
num); num);
sep = " "; sep = " ";
if (len > remaining)
break;
remaining -= len;
buf += len;
tlen += len;
} }
if (nfsd_vers(4, NFSD_AVAIL)) if (nfsd_vers(4, NFSD_AVAIL))
for (minor = 1; minor <= NFSD_SUPPORTED_MINOR_VERSION; minor++) for (minor = 1; minor <= NFSD_SUPPORTED_MINOR_VERSION;
len += sprintf(buf+len, " %c4.%u", minor++) {
len = snprintf(buf, remaining, " %c4.%u",
(nfsd_vers(4, NFSD_TEST) && (nfsd_vers(4, NFSD_TEST) &&
nfsd_minorversion(minor, NFSD_TEST)) ? nfsd_minorversion(minor, NFSD_TEST)) ?
'+' : '-', '+' : '-',
minor); minor);
len += sprintf(buf+len, "\n");
return len; if (len > remaining)
break;
remaining -= len;
buf += len;
tlen += len;
}
len = snprintf(buf, remaining, "\n");
if (len > remaining)
return -EINVAL;
return tlen + len;
} }
/** /**
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment