[PATCH] nfs client: handle long symlinks properly

In 2.4.31, the v2/3 nfs readlink accepts too long symlinks.
I have tested this by having a server return long symlinks.

diff -u linux-2.4.31.orig/fs/nfs/nfs2xdr.c linux-2.4.31/fs/nfs/nfs2xdr.c

diff --git a/fs/nfs/nfs2xdr.c b/fs/nfs/nfs2xdr.c
index 19f2f28..b4394fe 100644 (file)
--- a/fs/nfs/nfs2xdr.c
+++ b/fs/nfs/nfs2xdr.c
@@ -571,8 +571,11 @@ nfs_xdr_readlinkres(struct rpc_rqst *req, u32 *p, void *dummy)
        strlen = (u32*)kmap(rcvbuf->pages[0]);
        /* Convert length of symlink */
        len = ntohl(*strlen);
-       if (len > rcvbuf->page_len)
-               len = rcvbuf->page_len;
+       if (len >= rcvbuf->page_len - sizeof(u32) || len > NFS2_MAXPATHLEN) {
+               printk(KERN_WARNING "NFS: server returned giant symlink!\n");
+               kunmap(rcvbuf->pages[0]);
+               return -ENAMETOOLONG;
+        }
        *strlen = len;
        /* NULL terminate the string we got */
        string = (char *)(strlen + 1);

diff --git a/fs/nfs/nfs3xdr.c b/fs/nfs/nfs3xdr.c
index 5606222..d586c79 100644 (file)
--- a/fs/nfs/nfs3xdr.c
+++ b/fs/nfs/nfs3xdr.c
@@ -759,8 +759,11 @@ nfs3_xdr_readlinkres(struct rpc_rqst *req, u32 *p, struct nfs_fattr *fattr)
        strlen = (u32*)kmap(rcvbuf->pages[0]);
        /* Convert length of symlink */
        len = ntohl(*strlen);
-       if (len > rcvbuf->page_len)
-               len = rcvbuf->page_len;
+       if (len >= rcvbuf->page_len - sizeof(u32)) {
+               printk(KERN_WARNING "NFS: server returned giant symlink!\n");
+               kunmap(rcvbuf->pages[0]);
+               return -ENAMETOOLONG;
+        }
        *strlen = len;
        /* NULL terminate the string we got */
        string = (char *)(strlen + 1);