From 403889c0399c01a12877e3736ae1e96c9ded27be Mon Sep 17 00:00:00 2001 From: Kinglong Mee Date: Thu, 24 Sep 2015 20:58:16 +0800 Subject: [PATCH] NFS: Fix bad checking of max taglen in callback request The taglen should be checked with CB_OP_TAGLEN_MAXSZ directly. Signed-off-by: Kinglong Mee Signed-off-by: Trond Myklebust --- fs/nfs/callback_xdr.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/fs/nfs/callback_xdr.c b/fs/nfs/callback_xdr.c index 9f0f0f646eaf..4ad39fe203f7 100644 --- a/fs/nfs/callback_xdr.c +++ b/fs/nfs/callback_xdr.c @@ -159,7 +159,7 @@ static __be32 decode_compound_hdr_arg(struct xdr_stream *xdr, struct cb_compound if (unlikely(status != 0)) return status; /* We do not like overly long tags! */ - if (hdr->taglen > CB_OP_TAGLEN_MAXSZ - 12) { + if (hdr->taglen > CB_OP_TAGLEN_MAXSZ) { printk("NFS: NFSv4 CALLBACK %s: client sent tag of length %u\n", __func__, hdr->taglen); return htonl(NFS4ERR_RESOURCE); -- 2.20.1