7cf6c7bcb6
[ Upstream commit 90bfc37b5ab91c1a6165e3e5cfc49bf04571b762 ]
Ensure that stream-based argument decoding can't go past the actual
end of the receive buffer. xdr_init_decode's calculation of the
value of xdr->end over-estimates the end of the buffer because the
Linux kernel RPC server code does not remove the size of the RPC
header from rqstp->rq_arg before calling the upper layer's
dispatcher.
The server-side still uses the svc_getnl() macros to decode the
RPC call header. These macros reduce the length of the head iov
but do not update the total length of the message in the buffer
(buf->len).
A proper fix for this would be to replace the use of svc_getnl() and
friends in the RPC header decoder, but that would be a large and
invasive change that would be difficult to backport.
Fixes: 5191955d6fc6 ("SUNRPC: Prepare for xdr_stream-style decoding on the server-side")
Reviewed-by: Jeff Layton <jlayton@kernel.org>
Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
|
||
|---|---|---|
| .. | ||
| addr.h | ||
| auth.h | ||
| auth_gss.h | ||
| bc_xprt.h | ||
| cache.h | ||
| clnt.h | ||
| debug.h | ||
| gss_api.h | ||
| gss_asn1.h | ||
| gss_err.h | ||
| gss_krb5.h | ||
| gss_krb5_enctypes.h | ||
| metrics.h | ||
| msg_prot.h | ||
| rpc_pipe_fs.h | ||
| rpc_rdma.h | ||
| rpc_rdma_cid.h | ||
| sched.h | ||
| stats.h | ||
| svc.h | ||
| svc_rdma.h | ||
| svc_xprt.h | ||
| svcauth.h | ||
| svcauth_gss.h | ||
| svcsock.h | ||
| timer.h | ||
| types.h | ||
| xdr.h | ||
| xprt.h | ||
| xprtmultipath.h | ||
| xprtrdma.h | ||
| xprtsock.h | ||