nfsd4: enforce rd_dircount As long as we're here, let's enforce the protocol's limit on the number of directory entries to return in a readdir. I don't think anyone's ever noticed our lack of enforcement, but maybe there's more of a chance they will now that we allow larger readdirs. Signed-off-by: J. Bruce Fields <bfields@redhat.com>

commit: 3b299709091befc0e02aa33d55ddd5baef006853 [log] [tgz]
author: J. Bruce Fields <bfields@redhat.com> Thu Mar 20 21:20:26 2014 -0400
committer: J. Bruce Fields <bfields@redhat.com> Fri May 30 17:32:04 2014 -0400
tree: 2d514a4417d20b1a374d8d862ecc787ea0543936
parent: 561f0ed498ca4342573a870779cc645d3fd7dfe7 [diff] [blame]
diff --git a/fs/nfsd/nfs4xdr.c b/fs/nfsd/nfs4xdr.c
index 4d79e53..3f2a52c 100644
--- a/fs/nfsd/nfs4xdr.c
+++ b/fs/nfsd/nfs4xdr.c

@@ -1033,7 +1033,7 @@
 	READ_BUF(24);
 	READ64(readdir->rd_cookie);
 	COPYMEM(readdir->rd_verf.data, sizeof(readdir->rd_verf.data));
-	READ32(readdir->rd_dircount);    /* just in case you needed a useless field... */
+	READ32(readdir->rd_dircount);
 	READ32(readdir->rd_maxcount);
 	if ((status = nfsd4_decode_bitmap(argp, readdir->rd_bmval)))
 		goto out;
@@ -2720,6 +2720,9 @@
 	if (entry_bytes > cd->rd_maxcount)
 		goto fail;
 	cd->rd_maxcount -= entry_bytes;
+	if (!cd->rd_dircount)
+		goto fail;
+	cd->rd_dircount--;
 	cd->cookie_offset = cookie_offset;
 skip_entry:
 	cd->common.err = nfs_ok;
commit	3b299709091befc0e02aa33d55ddd5baef006853	[log] [tgz]
author	J. Bruce Fields <bfields@redhat.com>	Thu Mar 20 21:20:26 2014 -0400
committer	J. Bruce Fields <bfields@redhat.com>	Fri May 30 17:32:04 2014 -0400
tree	2d514a4417d20b1a374d8d862ecc787ea0543936
parent	561f0ed498ca4342573a870779cc645d3fd7dfe7 [diff] [blame]