svcrpc: don't error out on small tcp fragment
authorJ. Bruce Fields <bfields@redhat.com>
Wed, 26 Jun 2013 14:55:40 +0000 (10:55 -0400)
committerJ. Bruce Fields <bfields@redhat.com>
Mon, 1 Jul 2013 21:32:04 +0000 (17:32 -0400)
Though clients we care about mostly don't do this, it is possible for
rpc requests to be sent in multiple fragments.  Here we have a sanity
check to ensure that the final received rpc isn't too small--except that
the number we're actually checking is the length of just the final
fragment, not of the whole rpc.  So a perfectly legal rpc that's
unluckily fragmented could cause the server to close the connection
here.

Cc: stable@vger.kernel.org
Signed-off-by: J. Bruce Fields <bfields@redhat.com>
net/sunrpc/svcsock.c

index df74919c81c01aa250f28fc1cc32458b4835bf1f..305374d4fb985ec4942040447f91e8d8277ea10d 100644 (file)
@@ -1095,7 +1095,7 @@ static int svc_tcp_recvfrom(struct svc_rqst *rqstp)
                goto err_noclose;
        }
 
-       if (svc_sock_reclen(svsk) < 8) {
+       if (svsk->sk_datalen < 8) {
                svsk->sk_datalen = 0;
                goto err_delete; /* client is nuts. */
        }