nfs_clrpcops.c: Fix two possible large NFSM_DISSECT()s
ClosedPublic
Actions

Authored by rmacklem on Sun, Oct 26, 8:48 PM.

Details

Reviewers

emaste
markj

Commits

rGb9e6206f5933: nfs_clrpcops.c: Fix two possible large NFSM_DISSECT()s

Summary

There are two cases in nfs_clrpcops.c where it was possible
for the code to attempt to NFSM_DISSECT() a large size,
which is not allowed by nfsm_dissct().

This patch fixes them.

Reducing the maximum stripecnt should be no problem,
since there in no extant NFSv4.n server that does striped
File Layout pNFS and current development is centered
around the Flex File layout.

Test Plan

Not really tested, since that would require a broken
pNFS server.

Diff Detail

Repository

rG FreeBSD src repository

Lint

Lint Not Applicable

Unit

Tests Not Applicable

Event Timeline

rmacklem created this revision.Sun, Oct 26, 8:48 PM

Herald added a subscriber: imp. · View Herald TranscriptSun, Oct 26, 8:48 PM

rmacklem requested review of this revision.Sun, Oct 26, 8:48 PM

markj accepted this revision.Mon, Oct 27, 1:50 PM

markj added inline comments.

sys/fs/nfsclient/nfs_clrpcops.c.shit3
5810 ↗	(On Diff #165085)	I'd write something like `MHLEN /* ncl_mbuf_mhlen */` since otherwise the use of MHLEN here looks rather odd to me.
5817 ↗	(On Diff #165085)	I wonder why nfsm_dissct() panics instead of just returning NULL if the caller asks for too many bytes?

This revision is now accepted and ready to land.Mon, Oct 27, 1:50 PM

rmacklem added inline comments.Mon, Oct 27, 1:55 PM

sys/fs/nfsclient/nfs_clrpcops.c.shit3
5810 ↗	(On Diff #165085)	I was planning on getting rid of ncl_mbuf_mlen, since it is just set to MHLEN anyhow. (That's why I used MHLEN instead of making ncl_mbuf_mlen global.)
5817 ↗	(On Diff #165085)	So users could find the bugs for me. (Since the panic is the result of too large an argument and is easily fixed once found.) Returning NULL and causing a NFSERR_BADXDR failure would make it appear that the other end was broken and there was no bug in the code.