nfsd4: enforce rd_dircount
authorJ. Bruce Fields <bfields@redhat.com>
Fri, 21 Mar 2014 01:20:26 +0000 (21:20 -0400)
committerJ. Bruce Fields <bfields@redhat.com>
Fri, 30 May 2014 21:32:04 +0000 (17:32 -0400)
As long as we're here, let's enforce the protocol's limit on the number
of directory entries to return in a readdir.

I don't think anyone's ever noticed our lack of enforcement, but maybe
there's more of a chance they will now that we allow larger readdirs.

Signed-off-by: J. Bruce Fields <bfields@redhat.com>
fs/nfsd/nfs4xdr.c

index 4d79e5366a82bd886d042a07d4c1dec3a0654b29..3f2a52ccb9d15e3a4a235ce31c78d161996e8436 100644 (file)
@@ -1033,7 +1033,7 @@ nfsd4_decode_readdir(struct nfsd4_compoundargs *argp, struct nfsd4_readdir *read
        READ_BUF(24);
        READ64(readdir->rd_cookie);
        COPYMEM(readdir->rd_verf.data, sizeof(readdir->rd_verf.data));
-       READ32(readdir->rd_dircount);    /* just in case you needed a useless field... */
+       READ32(readdir->rd_dircount);
        READ32(readdir->rd_maxcount);
        if ((status = nfsd4_decode_bitmap(argp, readdir->rd_bmval)))
                goto out;
@@ -2720,6 +2720,9 @@ nfsd4_encode_dirent(void *ccdv, const char *name, int namlen,
        if (entry_bytes > cd->rd_maxcount)
                goto fail;
        cd->rd_maxcount -= entry_bytes;
+       if (!cd->rd_dircount)
+               goto fail;
+       cd->rd_dircount--;
        cd->cookie_offset = cookie_offset;
 skip_entry:
        cd->common.err = nfs_ok;