From mboxrd@z Thu Jan  1 00:00:00 1970
From: Pete Zaitcev <zaitcev@redhat.com>
Subject: [Patch] libcldc: correct length checks in open_end_cb
Date: Tue, 11 Aug 2009 23:28:35 -0600
Message-ID: <20090811232835.73055227@redhat.com>
Mime-Version: 1.0
Content-Transfer-Encoding: 7bit
Return-path: <hail-devel-owner@vger.kernel.org>
Sender: hail-devel-owner@vger.kernel.org
List-ID: <hail-devel.vger.kernel.org>
Content-Type: text/plain; charset="us-ascii"
To: Jeff Garzik <jeff@garzik.org>
Cc: Project Hail List <hail-devel@vger.kernel.org>

Without this patch, open errors cannot be delivered to application
and opens get stuck forever. Also, who added -EINVAL again?! Stop
doing that, the user wants to know what failed: syscall or CLD protocol.

Signed-Off-By: Pete Zaitcev <zaitcev@redhat.com>

diff --git a/lib/cldc.c b/lib/cldc.c
index 072c995..6e1d826 100644
--- a/lib/cldc.c
+++ b/lib/cldc.c
@@ -1001,15 +1001,17 @@ static ssize_t open_end_cb(struct cldc_msg *msg, const void *resp_p,
 	struct cldc_fh *fh = msg->cb_private;
 	enum cle_err_codes resp_rc = CLE_OK;
 
-	if (resp_len < sizeof(*resp))
-		return -EINVAL;
-
 	if (!ok)
 		resp_rc = CLE_TIMEOUT;
-	else
+	else {
+		if (resp_len < sizeof(resp->resp))
+			return -1009;
 		resp_rc = le32_to_cpu(resp->resp.code);
+	}
 
 	if (resp_rc == CLE_OK) {
+		if (resp_len < sizeof(*resp))
+			return -1010;
 		fh->fh_le = resp->fh;
 		fh->valid = true;
 	}