@@ -1993,43 +1993,51 @@ nfsd4_decode_clone(struct nfsd4_compoundargs *argp, struct nfsd4_clone *clone)
static __be32 nfsd4_decode_nl4_server(struct nfsd4_compoundargs *argp,
struct nl4_server *ns)
{
- DECODE_HEAD;
struct nfs42_netaddr *naddr;
+ __be32 *p;
- READ_BUF(4);
- ns->nl4_type = be32_to_cpup(p++);
+ if (xdr_stream_decode_u32(argp->xdr, &ns->nl4_type) < 0)
+ goto xdr_error;
/* currently support for 1 inter-server source server */
switch (ns->nl4_type) {
case NL4_NETADDR:
naddr = &ns->u.nl4_addr;
- READ_BUF(4);
- naddr->netid_len = be32_to_cpup(p++);
+ if (xdr_stream_decode_u32(argp->xdr, &naddr->netid_len) < 0)
+ goto xdr_error;
if (naddr->netid_len > RPCBIND_MAXNETIDLEN)
goto xdr_error;
- READ_BUF(naddr->netid_len + 4); /* 4 for uaddr len */
- COPYMEM(naddr->netid, naddr->netid_len);
+ p = xdr_inline_decode(argp->xdr, naddr->netid_len);
+ if (!p)
+ goto xdr_error;
+ memcpy(naddr->netid, p, naddr->netid_len);
- naddr->addr_len = be32_to_cpup(p++);
+ if (xdr_stream_decode_u32(argp->xdr, &naddr->addr_len) < 0)
+ goto xdr_error;
if (naddr->addr_len > RPCBIND_MAXUADDRLEN)
goto xdr_error;
- READ_BUF(naddr->addr_len);
- COPYMEM(naddr->addr, naddr->addr_len);
+ p = xdr_inline_decode(argp->xdr, naddr->addr_len);
+ if (!p)
+ goto xdr_error;
+ memcpy(naddr->addr, p, naddr->addr_len);
break;
default:
goto xdr_error;
}
- DECODE_TAIL;
+
+ return nfs_ok;
+xdr_error:
+ return nfserr_bad_xdr;
}
static __be32
nfsd4_decode_copy(struct nfsd4_compoundargs *argp, struct nfsd4_copy *copy)
{
- DECODE_HEAD;
struct nl4_server *ns_dummy;
+ __be32 *p, status;
int i, count;
status = nfsd4_decode_stateid4(argp, ©->cp_src_stateid);
@@ -2039,7 +2047,9 @@ nfsd4_decode_copy(struct nfsd4_compoundargs *argp, struct nfsd4_copy *copy)
if (status)
return status;
- READ_BUF(8 + 8 + 8 + 4 + 4 + 4);
+ p = xdr_inline_decode(argp->xdr, sizeof(__be64) * 3 + sizeof(__be32) * 3);
+ if (!p)
+ goto xdr_error;
p = xdr_decode_hyper(p, ©->cp_src_pos);
p = xdr_decode_hyper(p, ©->cp_dst_pos);
p = xdr_decode_hyper(p, ©->cp_count);
@@ -2057,7 +2067,7 @@ nfsd4_decode_copy(struct nfsd4_compoundargs *argp, struct nfsd4_copy *copy)
/* decode all the supplied server addresses but use first */
status = nfsd4_decode_nl4_server(argp, ©->cp_src);
if (status)
- return status;
+ goto out;
ns_dummy = kmalloc(sizeof(struct nl4_server), GFP_KERNEL);
if (ns_dummy == NULL)
@@ -2071,8 +2081,11 @@ nfsd4_decode_copy(struct nfsd4_compoundargs *argp, struct nfsd4_copy *copy)
}
kfree(ns_dummy);
intra:
-
- DECODE_TAIL;
+ status = nfs_ok;
+out:
+ return status;
+xdr_error:
+ return nfserr_bad_xdr;
}
static __be32
Signed-off-by: Chuck Lever <chuck.lever@oracle.com> --- fs/nfsd/nfs4xdr.c | 45 +++++++++++++++++++++++++++++---------------- 1 file changed, 29 insertions(+), 16 deletions(-)