Commit 479c2553, author: Petr Vandrovec, committer: Linus Torvalds

Fix memory corruption caused by nfsd readdir+

Commit 8177e6d6 ("nfsd: clean up readdirplus encoding") introduced a
single character typo in the nfs3 readdir+ implementation.  Unfortunately
that typo has quite bad side effects: random memory corruption, followed
(on my box) by an immediate spontaneous box reboot.

Using 'p1' instead of 'p' fixes my Linux box rebooting whenever a VMware
ESXi box tries to list the contents of my home directory.

Signed-off-by: Petr Vandrovec <petr@vandrovec.name>
Cc: "J. Bruce Fields" <bfields@fieldses.org>
Cc: Neil Brown <neilb@suse.de>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Parent 156171c7
...@@ -958,7 +958,7 @@ encode_entry(struct readdir_cd *ccd, const char *name, int namlen, ...@@ -958,7 +958,7 @@ encode_entry(struct readdir_cd *ccd, const char *name, int namlen,
p1 = encode_entry_baggage(cd, p1, name, namlen, ino); p1 = encode_entry_baggage(cd, p1, name, namlen, ino);
if (plus) if (plus)
p = encode_entryplus_baggage(cd, p1, name, namlen); p1 = encode_entryplus_baggage(cd, p1, name, namlen);
/* determine entry word length and lengths to go in pages */ /* determine entry word length and lengths to go in pages */
num_entry_words = p1 - tmp; num_entry_words = p1 - tmp;
......
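Review bot: In the `if (plus)` branch, nothing marks that `num_entry_words = p1 - tmp` two lines later depends on `p1` having advanced past both baggage calls, and the one-letter difference between `p` and `p1` is what let the wrong assignment compile silently. The corrected line is right, since the length is measured from `p1`, but a short comment above the `if (plus)` stating that `p1` must point past everything written for this entry would make the dependency visible. Giving one of the two pointers a more distinct name would also make a repeat of this typo stand out in review.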