Hi Dominique,

can you do a github PR against nfs-ganesha/ntirpc.git?

Matt

----- Original Message -----
> From: "Dominique Martinet" <dominique.marti...@cea.fr>
> To: "Matt Benjamin" <mbenja...@redhat.com>
> Cc: "nfs-ganesha-devel" <nfs-ganesha-devel@lists.sourceforge.net>
> Sent: Thursday, March 10, 2016 12:29:59 PM
> Subject: Re: ntirpc patch, inline_xdr_string
> 
> Dominique Martinet wrote on Thu, Mar 03, 2016 at 09:55:05PM +0100:
> > got this for inline_xdr_string:
> >  - I don't get why strlen is called on FREE, we don't need size to
> > actually be set for it and if it's a free after a decode that failed
> > (e.g. hit maxlen) then the pointer is not valid
> >  - hence don't trust size for op FREE and early bailout. That's what the
> > other xdr functions I looked at (bytes/array) do
> 
> Matt, how do you want to handle this? PR to github's linuxbox2/ntirpc?
> Or just let you commit it?
> 
> I'm still unsure about the original logic so might have missed something.
> 
> 
> > diff --git a/ntirpc/rpc/xdr_inline.h b/ntirpc/rpc/xdr_inline.h
> > index 1e85cba..48c4d8a 100644
> > --- a/ntirpc/rpc/xdr_inline.h
> > +++ b/ntirpc/rpc/xdr_inline.h
> > @@ -654,32 +654,32 @@ inline_xdr_string(XDR *xdrs, char **cpp, u_int
> > maxsize)
> >         u_int size = 0;         /* XXX remove warning */
> >         u_int nodesize;
> >  
> >         /*
> >          * first deal with the length since xdr strings are
> >      counted-strings
> >          */
> >         switch (xdrs->x_op) {
> >         case XDR_FREE:
> >                 if (sp == NULL)
> >                         return (true);  /* already free */
> > -               /* FALLTHROUGH */
> > +               break;
> >         case XDR_ENCODE:
> >                 if (sp == NULL)
> >                         return false;
> >                 size = strlen(sp);
> >                 break;
> >         case XDR_DECODE:
> >                 break;
> >         }
> >         if (!inline_xdr_u_int(xdrs, &size))
> >                 return (false);
> > -       if (size > maxsize)
> > +       if (size > maxsize && xdrs->x_op != XDR_FREE)
> >                 return (false);
> >         nodesize = size + 1;
> >         if (nodesize == 0) {
> >                 /* This means an overflow.  It a bug in the caller which
> >                  * provided a too large maxsize but nevertheless catch
> >              it
> >                  * here.
> >                  */
> >                 return false;
> >         }
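
Review bot: the added xdrs->x_op != XDR_FREE test on the "size > maxsize" check looks redundant. With the XDR_FREE case now ending in break, size keeps its initial value 0 on that path, and 0 > maxsize is never true for a u_int (assuming inline_xdr_u_int does not write size when the op is XDR_FREE). Either drop the extra condition or, to get the "early bailout" the message describes, skip the inline_xdr_u_int call for XDR_FREE as well, so the free path does not depend on what that call does. The FREE path now relies on the "u_int size = 0" initializer, so its "XXX remove warning" comment should be updated to say the zero is required.
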
> 
> --
> Dominique
> 

-- 
Matt Benjamin
Red Hat, Inc.
315 West Huron Street, Suite 140A
Ann Arbor, Michigan 48103

http://www.redhat.com/en/technologies/storage

tel.  734-707-0660
fax.  734-769-8938
cel.  734-216-5309
