[PATCH] kNFSdv4: nfsd4_readdir fixes

From: NeilBrown <neilb@cse.unsw.edu.au>

From: "J. Bruce Fields" <bfields@fieldses.org>

Fix out-of-spec errors in nfs4 readdir.  Add checks for bad cookie values.

(plus compile fix from akpm)

diff --git a/fs/nfsd/nfs4proc.c b/fs/nfsd/nfs4proc.c
index 439157bbab452a8abdd82bd3062a045e88b2d3aa..25362ebb80e26a2e62287a9283fad83446bbb058 100644 (file)
--- a/fs/nfsd/nfs4proc.c
+++ b/fs/nfsd/nfs4proc.c
@@ -448,6 +448,9 @@ out:
 static inline int
 nfsd4_readdir(struct svc_rqst *rqstp, struct svc_fh *current_fh, struct nfsd4_readdir *readdir)
 {
+       u64 cookie = readdir->rd_cookie;
+       static const nfs4_verifier zeroverf;
+
        /* no need to check permission - this will be done in nfsd_readdir() */
 
        if (readdir->rd_bmval[1] & NFSD_WRITEONLY_ATTRS_WORD1)
@@ -456,7 +459,8 @@ nfsd4_readdir(struct svc_rqst *rqstp, struct svc_fh *current_fh, struct nfsd4_re
        readdir->rd_bmval[0] &= NFSD_SUPPORTED_ATTRS_WORD0;
        readdir->rd_bmval[1] &= NFSD_SUPPORTED_ATTRS_WORD1;
 
-       if (readdir->rd_cookie > ~(u32)0)
+       if ((cookie > ~(u32)0) || (cookie == 1) || (cookie == 2) ||
+           (cookie == 0 && memcmp(readdir->rd_verf.data, zeroverf.data, NFS4_VERIFIER_SIZE)))
                return nfserr_bad_cookie;
 
        readdir->rd_rqstp = rqstp;

diff --git a/fs/nfsd/nfs4xdr.c b/fs/nfsd/nfs4xdr.c
index e5e6445bc565004238f33c25378f7e539e72686e..ad49241d0b2f075f8b7781a25cf3975d3b68827f 100644 (file)
--- a/fs/nfsd/nfs4xdr.c
+++ b/fs/nfsd/nfs4xdr.c
@@ -2179,6 +2179,8 @@ nfsd4_encode_readdir(struct nfsd4_compoundres *resp, int nfserr, struct nfsd4_re
            readdir->common.err == nfserr_toosmall &&
            readdir->buffer == page) 
                nfserr = nfserr_toosmall;
+       if (nfserr == nfserr_symlink)
+               nfserr = nfserr_notdir;
        if (nfserr)
                goto err_no_verf;