NFSD: Add missing NFSv2 .pc_func methods
There's no protection in nfsd_dispatch() against NULL .pc_func helpers. A malicious NFS client can trigger a crash by invoking the unused/unsupported NFSv2 ROOT or WRITECACHE procedures. The current NFSD dispatcher does not support returning a void reply to a non-NULL procedure, so the reply to both of these is wrong, for the moment. Cc: <stable@vger.kernel.org> Signed-off-by: Chuck Lever <chuck.lever@oracle.com> Signed-off-by: J. Bruce Fields <bfields@redhat.com>
parent
13956160fc
commit
6b3dccd48d
@ -118,6 +118,13 @@ done:
|
||||
return nfsd_return_attrs(nfserr, resp);
|
||||
}
|
||||
|
||||
/* Obsolete, replaced by MNTPROC_MNT. */
|
||||
static __be32
|
||||
nfsd_proc_root(struct svc_rqst *rqstp)
|
||||
{
|
||||
return nfs_ok;
|
||||
}
|
||||
|
||||
/*
|
||||
* Look up a path name component
|
||||
* Note: the dentry in the resp->fh may be negative if the file
|
||||
@ -203,6 +210,13 @@ nfsd_proc_read(struct svc_rqst *rqstp)
|
||||
return fh_getattr(&resp->fh, &resp->stat);
|
||||
}
|
||||
|
||||
/* Reserved */
|
||||
static __be32
|
||||
nfsd_proc_writecache(struct svc_rqst *rqstp)
|
||||
{
|
||||
return nfs_ok;
|
||||
}
|
||||
|
||||
/*
|
||||
* Write data to a file
|
||||
* N.B. After this call resp->fh needs an fh_put
|
||||
@ -617,6 +631,7 @@ static const struct svc_procedure nfsd_procedures2[18] = {
|
||||
.pc_xdrressize = ST+AT,
|
||||
},
|
||||
[NFSPROC_ROOT] = {
|
||||
.pc_func = nfsd_proc_root,
|
||||
.pc_decode = nfssvc_decode_void,
|
||||
.pc_encode = nfssvc_encode_void,
|
||||
.pc_argsize = sizeof(struct nfsd_void),
|
||||
@ -654,6 +669,7 @@ static const struct svc_procedure nfsd_procedures2[18] = {
|
||||
.pc_xdrressize = ST+AT+1+NFSSVC_MAXBLKSIZE_V2/4,
|
||||
},
|
||||
[NFSPROC_WRITECACHE] = {
|
||||
.pc_func = nfsd_proc_writecache,
|
||||
.pc_decode = nfssvc_decode_void,
|
||||
.pc_encode = nfssvc_encode_void,
|
||||
.pc_argsize = sizeof(struct nfsd_void),
|
||||
|
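Review bot: The two stub comments (`/* Obsolete, replaced by MNTPROC_MNT. */` above nfsd_proc_root and `/* Reserved */` above nfsd_proc_writecache) do not say why an empty handler has to exist, so a later cleanup could drop them as dead code and put a NULL .pc_func back into nfsd_procedures2, where a remote client can reach it. I would extend each comment, for example `/* Obsolete, replaced by MNTPROC_MNT. Stub kept so this table slot never holds a NULL .pc_func; the nfs_ok/void reply is a placeholder. */`, with the same wording after `Reserved`. The nfsd_procedures2 initializer starts and ends outside the hunks shown, so whether every remaining slot sets .pc_func cannot be confirmed from this page.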