
Bug in xdr_copy_to_scratch???

Message ID 20110317093838.0f15eb98@notabene.brown (mailing list archive)
State RFC, archived
Delegated to: Trond Myklebust

Commit Message

NeilBrown March 16, 2011, 10:38 p.m. UTC
None

Patch

diff --git a/fs/nfs/nfs4xdr.c b/fs/nfs/nfs4xdr.c
index 4e2c168..c52b50c 100644
--- a/fs/nfs/nfs4xdr.c
+++ b/fs/nfs/nfs4xdr.c
@@ -2638,11 +2638,13 @@  static int decode_compound_hdr(struct xdr_stream *xdr, struct compound_hdr *hdr)
 	hdr->status = be32_to_cpup(p++);
 	hdr->taglen = be32_to_cpup(p);
 
-	p = xdr_inline_decode(xdr, hdr->taglen + 4);
+	p = xdr_inline_decode(xdr, hdr->taglen);
 	if (unlikely(!p))
 		goto out_overflow;
 	hdr->tag = (char *)p;
-	p += XDR_QUADLEN(hdr->taglen);
+	p = xdr_inline_decode(xdr, 4);
+	if (unlikely(!p))
+		goto out_overflow;
 	hdr->nops = be32_to_cpup(p);
 	if (unlikely(hdr->nops < 1))
 		return nfs4_stat_to_errno(hdr->status);
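Review bot: `hdr->taglen` is read from the reply at `hdr->taglen = be32_to_cpup(p);` and passed to `xdr_inline_decode()` as a length with no upper bound, so rejecting an oversized tag depends entirely on that helper's own range checking, which is not visible in this hunk. Splitting the decode does remove the `hdr->taglen + 4` addition, which could wrap for values near the 32-bit maximum, but an explicit limit before the call would keep the check local, e.g. `if (unlikely(hdr->taglen > MAX_TAG_LEN)) goto out_overflow;`, where `MAX_TAG_LEN` is a placeholder for the protocol's tag limit. A comment above `hdr->tag = (char *)p;` would also help, something like `/* tag may live in the xdr scratch buffer; do not rely on it after the next xdr_inline_decode() */`, since the returned pointer presumably refers to scratch space when the tag spans a buffer boundary. The body of `decode_compound_hdr` starts and ends outside the hunk, so how `hdr->tag` is used later cannot be checked from here.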