From: Trond Myklebust
Date: Sun, 9 Sep 2007 00:10:51 +0200
NFSv4: Fix an Oops in encode_lookup()
It doesn't look as if the NFSv4 name length is being initialised correctly in the struct nfs_server. We need to limit any entry there to NFS4_MAXNAMLEN.
Signed-off-by: Trond Myklebust
---
 fs/nfs/client.c | 3 +++
 fs/nfs/dir.c | 2 ++
 fs/nfs/getroot.c | 3 +++
 3 files changed, 8 insertions(+), 0 deletions(-)
diff --git a/fs/nfs/client.c b/fs/nfs/client.c
index a49f9fe..54068fb 100644
--- a/fs/nfs/client.c
+++ b/fs/nfs/client.c
@@ -928,6 +928,9 @@ static int nfs4_init_server(struct nfs_server *server,
 error = nfs_init_server_rpcclient(server, authflavour);
+ if (server->namelen == 0 || server->namelen > NFS4_MAXNAMLEN)
+ server->namelen = NFS4_MAXNAMLEN;
+
 /* Done */
 dprintk("<-- nfs4_init_server() = %d\n", error);
 return error;
diff --git a/fs/nfs/dir.c b/fs/nfs/dir.c
index ea97408..e4a04d1 100644
--- a/fs/nfs/dir.c
+++ b/fs/nfs/dir.c
@@ -1162,6 +1162,8 @@ static struct dentry *nfs_readdir_lookup(nfs_readdir_descriptor_t *desc)
 }
 if (!desc->plus || !(entry->fattr->valid & NFS_ATTR_FATTR))
 return NULL;
+ if (name.len > NFS_SERVER(dir)->namelen)
+ return NULL;
 /* Note: caller is already holding the dir->i_mutex! */
 dentry = d_alloc(parent, &name);
 if (dentry == NULL)
diff --git a/fs/nfs/getroot.c b/fs/nfs/getroot.c
index d1cbf0a..522e5ad 100644
--- a/fs/nfs/getroot.c
+++ b/fs/nfs/getroot.c
@@ -175,6 +175,9 @@ next_component:
 path++;
 name.len = path - (const char *) name.name;
+ if (name.len > NFS4_MAXNAMLEN)
+ return -ENAMETOOLONG;
+
 eat_dot_dir:
 while (*path == '/')
 path++;
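Review bot: In fs/nfs/client.c, nfs4_init_server(), the clamp on `server->namelen` only holds if nothing assigns that field after this function returns. If a later mount step (not visible in this hunk) copies a server-reported maximum name length into `server->namelen`, a zero or oversized value can come back, and the dir.c check in this same patch, which trusts that field, would stop bounding anything. Consider applying the same two lines wherever namelen is set from server-supplied data, or at least recording the invariant with a comment such as `/* namelen must stay within 1..NFS4_MAXNAMLEN; re-clamp after any later update */`. The clamp also runs when `error` is non-zero, which looks harmless; the function body starts outside the hunk.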
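Review bot: In fs/nfs/dir.c, nfs_readdir_lookup(), the new `name.len > NFS_SERVER(dir)->namelen` test is only as strong as the stored limit, and this patch sanitises that limit in nfs4_init_server() alone. If this function is also reached for mounts whose namelen is set on another path, a value of 0 would make every entry return NULL here and an oversized value would let any length through; this is inferred, since the other initialisation paths are not shown. The silent `return NULL` would also benefit from a comment, for example `/* name comes from the readdir reply; skip entries longer than the mount's limit */`. The function continues beyond the hunk.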
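Review bot: In fs/nfs/getroot.c the new length check compares against the constant `NFS4_MAXNAMLEN`, while the dir.c hunk compares against `NFS_SERVER(dir)->namelen`, and nothing on the line says why the two differ. A one-line comment would keep a later cleanup from unifying them incorrectly, for example `/* mount-path component: bound by the protocol maximum before it is used for a lookup */`. The check sits above the `eat_dot_dir:` label, so it covers every use of `name` only as long as no jump to that label changes `name.len`; most of the code after the label is outside the hunk.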