linux-nfs.vger.kernel.org archive mirror
 help / color / mirror / Atom feed
* [PATCH] sunrpc: fix a missing check of xdr_inline_decode
@ 2018-12-26  3:18 Kangjie Lu
  2018-12-26 17:35 ` Chuck Lever
  0 siblings, 1 reply; 2+ messages in thread
From: Kangjie Lu @ 2018-12-26  3:18 UTC (permalink / raw)
  To: kjlu
  Cc: pakki001, J. Bruce Fields, Jeff Layton, Trond Myklebust,
	Anna Schumaker, David S. Miller, Chuck Lever, linux-nfs, netdev,
	linux-kernel

xdr_inline_decode() could fail. When it fails, the return value is NULL
and should not be dereferenced.
The fix checks if xdr_inline_decode fails, and if so, returns.

Signed-off-by: Kangjie Lu <kjlu@umn.edu>
---
 net/sunrpc/xprtrdma/backchannel.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/net/sunrpc/xprtrdma/backchannel.c b/net/sunrpc/xprtrdma/backchannel.c
index e5b367a3e517..bd9be5272ef4 100644
--- a/net/sunrpc/xprtrdma/backchannel.c
+++ b/net/sunrpc/xprtrdma/backchannel.c
@@ -285,6 +285,8 @@ void rpcrdma_bc_receive_call(struct rpcrdma_xprt *r_xprt,
 	__be32 *p;
 
 	p = xdr_inline_decode(&rep->rr_stream, 0);
+	if (unlikely(!p))
+		goto out_overflow;
 	size = xdr_stream_remaining(&rep->rr_stream);
 
 #ifdef RPCRDMA_BACKCHANNEL_DEBUG
-- 
2.17.2 (Apple Git-113)


^ permalink raw reply related	[flat|nested] 2+ messages in thread
* Re: [PATCH] sunrpc: fix a missing check of xdr_inline_decode
  2018-12-26  3:18 [PATCH] sunrpc: fix a missing check of xdr_inline_decode Kangjie Lu
@ 2018-12-26 17:35 ` Chuck Lever
  0 siblings, 0 replies; 2+ messages in thread
From: Chuck Lever @ 2018-12-26 17:35 UTC (permalink / raw)
  To: Kangjie Lu
  Cc: pakki001, Bruce Fields, Jeff Layton, Trond Myklebust,
	Anna Schumaker, David S. Miller, Linux NFS Mailing List, netdev,
	linux-kernel



> On Dec 25, 2018, at 10:18 PM, Kangjie Lu <kjlu@umn.edu> wrote:
> 
> xdr_inline_decode() could fail.

NAK: xdr_inline_decode cannot fail if its second argument is zero.


> When it fails, the return value is NULL
> and should not be dereferenced.
> The fix checks if xdr_inline_decode fails, and if so, returns.
> 
> Signed-off-by: Kangjie Lu <kjlu@umn.edu>
> ---
> net/sunrpc/xprtrdma/backchannel.c | 2 ++
> 1 file changed, 2 insertions(+)
> 
> diff --git a/net/sunrpc/xprtrdma/backchannel.c b/net/sunrpc/xprtrdma/backchannel.c
> index e5b367a3e517..bd9be5272ef4 100644
> --- a/net/sunrpc/xprtrdma/backchannel.c
> +++ b/net/sunrpc/xprtrdma/backchannel.c
> @@ -285,6 +285,8 @@ void rpcrdma_bc_receive_call(struct rpcrdma_xprt *r_xprt,
> 	__be32 *p;
> 
> 	p = xdr_inline_decode(&rep->rr_stream, 0);
> +	if (unlikely(!p))
> +		goto out_overflow;
> 	size = xdr_stream_remaining(&rep->rr_stream);
> 
> #ifdef RPCRDMA_BACKCHANNEL_DEBUG
> -- 
> 2.17.2 (Apple Git-113)
> 

--
Chuck Lever




^ permalink raw reply	[flat|nested] 2+ messages in thread
end of thread, other threads:[~2018-12-26 17:35 UTC | newest]

Thread overview: 2+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2018-12-26  3:18 [PATCH] sunrpc: fix a missing check of xdr_inline_decode Kangjie Lu
2018-12-26 17:35 ` Chuck Lever

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).