nfsd41: nfsd4_decode_compound() does not recognize all ops
authorRicardo Labiaga <Ricardo.Labiaga@netapp.com>
Sat, 12 Dec 2009 03:10:49 +0000 (19:10 -0800)
committerJ. Bruce Fields <bfields@citi.umich.edu>
Wed, 13 Jan 2010 14:42:26 +0000 (09:42 -0500)
The server incorrectly assumes that the operations in the
array start with value 0.  The first operation (OP_ACCESS)
has a value of 3, causing the check in nfsd4_decode_compound
to be off.

Instead of comparing that the operation number is less than
the number of elements in the array, the server should verify
that it is less than the maximum valid operation number
defined by LAST_NFS4_OP.

Signed-off-by: Ricardo Labiaga <Ricardo.Labiaga@netapp.com>
Signed-off-by: J. Bruce Fields <bfields@citi.umich.edu>
fs/nfsd/nfs4xdr.c

index a8587e90fd5a837bfce993d9cebaeb9f1697f825..4f14f0c0616f58ce96b468466bf83147d8b4994f 100644 (file)
@@ -1434,7 +1434,7 @@ nfsd4_decode_compound(struct nfsd4_compoundargs *argp)
                }
                op->opnum = ntohl(*argp->p++);
 
-               if (op->opnum >= OP_ACCESS && op->opnum < ops->nops)
+               if (op->opnum >= OP_ACCESS && op->opnum <= LAST_NFS4_OP)
                        op->status = ops->decoders[op->opnum](argp, &op->u);
                else {
                        op->opnum = OP_ILLEGAL;