diff mbox series

[v1,09/61] NFSD: Replace READ* macros in nfsd4_decode_create()

Message ID 160527979096.6186.164949251806384511.stgit@klimt.1015granger.net (mailing list archive)
State New
Headers show
Series Update NFSD XDR functions | expand

Commit Message

Chuck Lever III Nov. 13, 2020, 3:03 p.m. UTC
Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
---
 fs/nfsd/nfs4xdr.c |   65 +++++++++++++++++++++++++++++++++++++++--------------
 1 file changed, 48 insertions(+), 17 deletions(-)
diff mbox series

Patch

diff --git a/fs/nfsd/nfs4xdr.c b/fs/nfsd/nfs4xdr.c
index 2c69bf10d556..3cd5b2c843d8 100644
--- a/fs/nfsd/nfs4xdr.c
+++ b/fs/nfsd/nfs4xdr.c
@@ -90,6 +90,8 @@  check_filename(char *str, int len)
 
 	if (len == 0)
 		return nfserr_inval;
+	if (len > NFS4_MAXNAMLEN)
+		return nfserr_nametoolong;
 	if (isdotent(str, len))
 		return nfserr_badname;
 	for (i = 0; i < len; i++)
@@ -203,6 +205,32 @@  static char *savemem(struct nfsd4_compoundargs *argp, __be32 *p, int nbytes)
 	return ret;
 }
 
+static __be32 nfsd4_decode_component4(struct nfsd4_compoundargs *argp,
+				      char **namp, u32 *lenp)
+{
+	__be32 *p, status;
+
+	if (xdr_stream_decode_u32(argp->xdr, lenp) < 0)
+		goto xdr_error;
+	p = xdr_inline_decode(argp->xdr, *lenp);
+	if (!p)
+		goto xdr_error;
+	status = check_filename((char *)p, *lenp);
+	if (status)
+		goto out;
+	*namp = svcxdr_tmpalloc(argp, *lenp);
+	if (!*namp)
+		goto nomem;
+	memcpy(*namp, p, *lenp);
+	status = nfs_ok;
+out:
+	return status;
+xdr_error:
+	return nfserr_bad_xdr;
+nomem:
+	return nfserr_jukebox;
+}
+
 static __be32
 nfsd4_decode_time(struct nfsd4_compoundargs *argp, struct timespec64 *tv)
 {
@@ -583,24 +611,27 @@  nfsd4_decode_commit(struct nfsd4_compoundargs *argp, struct nfsd4_commit *commit
 static __be32
 nfsd4_decode_create(struct nfsd4_compoundargs *argp, struct nfsd4_create *create)
 {
-	DECODE_HEAD;
+	__be32 *p, status;
 
-	READ_BUF(4);
-	create->cr_type = be32_to_cpup(p++);
+	if (xdr_stream_decode_u32(argp->xdr, &create->cr_type) < 0)
+		goto xdr_error;
 	switch (create->cr_type) {
 	case NF4LNK:
-		READ_BUF(4);
-		create->cr_datalen = be32_to_cpup(p++);
-		READ_BUF(create->cr_datalen);
+		if (xdr_stream_decode_u32(argp->xdr, &create->cr_datalen) < 0)
+			goto xdr_error;
+		p = xdr_inline_decode(argp->xdr, create->cr_datalen);
+		if (!p)
+			goto xdr_error;
 		create->cr_data = svcxdr_dupstr(argp, p, create->cr_datalen);
 		if (!create->cr_data)
 			return nfserr_jukebox;
 		break;
 	case NF4BLK:
 	case NF4CHR:
-		READ_BUF(8);
-		create->cr_specdata1 = be32_to_cpup(p++);
-		create->cr_specdata2 = be32_to_cpup(p++);
+		if (xdr_stream_decode_u32(argp->xdr, &create->cr_specdata1) < 0)
+			goto xdr_error;
+		if (xdr_stream_decode_u32(argp->xdr, &create->cr_specdata2) < 0)
+			goto xdr_error;
 		break;
 	case NF4SOCK:
 	case NF4FIFO:
@@ -609,20 +640,20 @@  nfsd4_decode_create(struct nfsd4_compoundargs *argp, struct nfsd4_create *create
 		break;
 	}
 
-	READ_BUF(4);
-	create->cr_namelen = be32_to_cpup(p++);
-	READ_BUF(create->cr_namelen);
-	SAVEMEM(create->cr_name, create->cr_namelen);
-	if ((status = check_filename(create->cr_name, create->cr_namelen)))
-		return status;
-
+	status = nfsd4_decode_component4(argp, &create->cr_name,
+					 &create->cr_namelen);
+	if (status)
+		goto out;
 	status = nfsd4_decode_fattr(argp, create->cr_bmval, &create->cr_iattr,
 				    &create->cr_acl, &create->cr_label,
 				    &create->cr_umask);
 	if (status)
 		goto out;
 
-	DECODE_TAIL;
+out:
+	return status;
+xdr_error:
+	return nfserr_bad_xdr;
 }
 
 static inline __be32