| Message ID | 20240125144528.12763-1-mora@netapp.com (mailing list archive) |
|---|---|
| State | New |
| Headers | show |
| Series | NFSD: fix LISTXATTRS returning a short list with eof=TRUE | expand |
On Thu, 2024-01-25 at 07:45 -0700, Jorge Mora wrote: > If the XDR buffer is not large enough to fit all attributes > and the remaining bytes left in the XDR buffer (xdrleft) is > equal to the number of bytes for the current attribute, then > the loop will prematurely exit without setting eof to FALSE. > Also in this case, adding the eof flag to the buffer will > make the reply 4 bytes larger than lsxa_maxcount. > > Need to check if there are enough bytes to fit not only the > next attribute name but also the eof as well. > > Fixes: 23e50fe3a5e6 ("nfsd: implement the xattr functions and en/decode logic") > Signed-off-by: Jorge Mora <mora@netapp.com> > --- > fs/nfsd/nfs4xdr.c | 3 ++- > 1 file changed, 2 insertions(+), 1 deletion(-) > > diff --git a/fs/nfsd/nfs4xdr.c b/fs/nfsd/nfs4xdr.c > index 17e6404f4296..26993bf368fc 100644 > --- a/fs/nfsd/nfs4xdr.c > +++ b/fs/nfsd/nfs4xdr.c > @@ -5182,7 +5182,8 @@ nfsd4_encode_listxattrs(struct nfsd4_compoundres *resp, __be32 nfserr, > > slen -= XATTR_USER_PREFIX_LEN; > xdrlen = 4 + ((slen + 3) & ~3); > - if (xdrlen > xdrleft) { > + /* Check if both entry and eof can fit in the XDR buffer */ > + if (xdrlen + 4 > xdrleft) { > if (count == 0) { > /* > * Can't even fit the first attribute name. Reviewed-by: Jeff Layton <jlayton@kernel.org>
diff --git a/fs/nfsd/nfs4xdr.c b/fs/nfsd/nfs4xdr.c index 17e6404f4296..26993bf368fc 100644 --- a/fs/nfsd/nfs4xdr.c +++ b/fs/nfsd/nfs4xdr.c @@ -5182,7 +5182,8 @@ nfsd4_encode_listxattrs(struct nfsd4_compoundres *resp, __be32 nfserr, slen -= XATTR_USER_PREFIX_LEN; xdrlen = 4 + ((slen + 3) & ~3); - if (xdrlen > xdrleft) { + /* Check if both entry and eof can fit in the XDR buffer */ + if (xdrlen + 4 > xdrleft) { if (count == 0) { /* * Can't even fit the first attribute name.
If the XDR buffer is not large enough to fit all attributes and the remaining bytes left in the XDR buffer (xdrleft) is equal to the number of bytes for the current attribute, then the loop will prematurely exit without setting eof to FALSE. Also in this case, adding the eof flag to the buffer will make the reply 4 bytes larger than lsxa_maxcount. Need to check if there are enough bytes to fit not only the next attribute name but also the eof as well. Fixes: 23e50fe3a5e6 ("nfsd: implement the xattr functions and en/decode logic") Signed-off-by: Jorge Mora <mora@netapp.com> --- fs/nfsd/nfs4xdr.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-)