[PATCH 1/2] NFSD: Pass correct buffer size to rpc_ntop

[PATCH 1/2] NFSD: Pass correct buffer size to rpc_ntop

[bjschuma]

From: Bryan Schumaker <bjschuma@netapp.com>

I honestly have no idea where I got 129 from, but it's a much bigger
value than the actual buffer size (INET6_ADDRSTRLEN).

Signed-off-by: Bryan Schumaker <bjschuma@netapp.com>
---
 fs/nfsd/fault_inject.c | 2 +-
 fs/nfsd/nfs4state.c    | 4 ++--
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/fs/nfsd/fault_inject.c b/fs/nfsd/fault_inject.c
index 96ffdf5..7a7b079 100644
--- a/fs/nfsd/fault_inject.c
+++ b/fs/nfsd/fault_inject.c
@@ -79,7 +79,7 @@ static void nfsd_inject_set_client(struct nfsd_fault_inject_op *op,
 	clp = nfsd_find_client(addr, addr_size);
 	if (clp) {
 		count = op->forget(clp, 0);
-		rpc_ntop((struct sockaddr *)&clp->cl_addr, buf, 129);
+		rpc_ntop((struct sockaddr *)&clp->cl_addr, buf, sizeof(buf));
 		printk(KERN_INFO "NFSD [%s]: Client %s had %llu state object(s)\n", op->file, buf, count);
 	}
 	nfs4_unlock_state();
diff --git a/fs/nfsd/nfs4state.c b/fs/nfsd/nfs4state.c
index eff7340..ce94174 100644
--- a/fs/nfsd/nfs4state.c
+++ b/fs/nfsd/nfs4state.c
@@ -4614,7 +4614,7 @@ u64 nfsd_forget_client(struct nfs4_client *clp, u64 max)
 u64 nfsd_print_client(struct nfs4_client *clp, u64 num)
 {
 	char buf[INET6_ADDRSTRLEN];
-	rpc_ntop((struct sockaddr *)&clp->cl_addr, buf, 129);
+	rpc_ntop((struct sockaddr *)&clp->cl_addr, buf, sizeof(buf));
 	printk(KERN_INFO "NFS Client: %s\n", buf);
 	return 1;
 }
@@ -4623,7 +4623,7 @@ static void nfsd_print_count(struct nfs4_client *clp, unsigned int count,
 			     const char *type)
 {
 	char buf[INET6_ADDRSTRLEN];
-	rpc_ntop((struct sockaddr *)&clp->cl_addr, buf, 129);
+	rpc_ntop((struct sockaddr *)&clp->cl_addr, buf, sizeof(buf));
 	printk(KERN_INFO "NFS Client: %s has %u %s\n", buf, count, type);
 }
 
-- 
1.8.0.1

[PATCH 2/2] NFSD: Correct the size calculation in fault_inject_write

[bjschuma]

From: Bryan Schumaker <bjschuma@netapp.com>

If len == 0 we end up with size = (0 - 1), which could cause bad things
to happen in copy_from_user().

Signed-off-by: Bryan Schumaker <bjschuma@netapp.com>
---
 fs/nfsd/fault_inject.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/fs/nfsd/fault_inject.c b/fs/nfsd/fault_inject.c
index 7a7b079..e761ee9 100644
--- a/fs/nfsd/fault_inject.c
+++ b/fs/nfsd/fault_inject.c
@@ -122,7 +122,7 @@ static ssize_t fault_inject_write(struct file *file, const char __user *buf,
 				  size_t len, loff_t *ppos)
 {
 	char write_buf[INET6_ADDRSTRLEN];
-	size_t size = min(sizeof(write_buf), len) - 1;
+	size_t size = min(sizeof(write_buf) - 1, len);
 	struct net *net = current->nsproxy->net_ns;
 	struct sockaddr_storage sa;
 	u64 val;
-- 
1.8.0.1

Re: [PATCH 1/2] NFSD: Pass correct buffer size to rpc_ntop

[Jim Rees]

bjschuma@netapp.com wrote:

  From: Bryan Schumaker <bjschuma@netapp.com>
  
  I honestly have no idea where I got 129 from, but it's a much bigger
  value than the actual buffer size (INET6_ADDRSTRLEN).

128 for the number of bits in an ip6 address, plus one more for the null
terminator bit?

(yes, I'm joking, for those of you with no sense of humor)

Re: [PATCH 1/2] NFSD: Pass correct buffer size to rpc_ntop

[J. Bruce Fields]

On Fri, Dec 07, 2012 at 06:44:20PM -0500, Jim Rees wrote:
> bjschuma@netapp.com wrote:
> 
>   From: Bryan Schumaker <bjschuma@netapp.com>
>   
>   I honestly have no idea where I got 129 from, but it's a much bigger
>   value than the actual buffer size (INET6_ADDRSTRLEN).
> 
> 128 for the number of bits in an ip6 address, plus one more for the null
> terminator bit?
> 
> (yes, I'm joking, for those of you with no sense of humor)

Hm.

Anyway, applying....

--b.