]> git.ipfire.org Git - thirdparty/kernel/stable.git/commitdiff
projects / thirdparty / kernel / stable.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 83210b2)
NFSD: Add missing NFSv2 .pc_func methods
authorChuck Lever <chuck.lever@oracle.com>
Thu, 1 Oct 2020 22:58:56 +0000 (18:58 -0400)
committerGreg Kroah-Hartman <gregkh@linuxfoundation.org>
Thu, 5 Nov 2020 10:07:02 +0000 (11:07 +0100)
commit 6b3dccd48de8a4c650b01499a0b09d1e2279649e upstream.

There's no protection in nfsd_dispatch() against a NULL .pc_func
helpers. A malicious NFS client can trigger a crash by invoking the
unused/unsupported NFSv2 ROOT or WRITECACHE procedures.

The current NFSD dispatcher does not support returning a void reply
to a non-NULL procedure, so the reply to both of these is wrong, for
the moment.

Cc: <stable@vger.kernel.org>
Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
Signed-off-by: J. Bruce Fields <bfields@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
fs/nfsd/nfsproc.c patch | blob | blame | history

diff --git a/fs/nfsd/nfsproc.c b/fs/nfsd/nfsproc.c
index 43c0419b8ddbd0ead78fabce06be943ace1439ae..fc6282181a1faaae4f5f353077703afbf7fb340e 100644 (file)
--- a/fs/nfsd/nfsproc.c
+++ b/fs/nfsd/nfsproc.c
@@ -118,6 +118,13 @@ done:
        return nfsd_return_attrs(nfserr, resp);
 }
 
+/* Obsolete, replaced by MNTPROC_MNT. */
+static __be32
+nfsd_proc_root(struct svc_rqst *rqstp)
+{
+       return nfs_ok;
+}
+
 /*
  * Look up a path name component
  * Note: the dentry in the resp->fh may be negative if the file
@@ -201,6 +208,13 @@ nfsd_proc_read(struct svc_rqst *rqstp)
        return fh_getattr(&resp->fh, &resp->stat);
 }
 
+/* Reserved */
+static __be32
+nfsd_proc_writecache(struct svc_rqst *rqstp)
+{
+       return nfs_ok;
+}
+
 /*
  * Write data to a file
  * N.B. After this call resp->fh needs an fh_put
@@ -605,6 +619,7 @@ static const struct svc_procedure nfsd_procedures2[18] = {
                .pc_xdrressize = ST+AT,
        },
        [NFSPROC_ROOT] = {
+               .pc_func = nfsd_proc_root,
                .pc_decode = nfssvc_decode_void,
                .pc_encode = nfssvc_encode_void,
                .pc_argsize = sizeof(struct nfsd_void),
@@ -642,6 +657,7 @@ static const struct svc_procedure nfsd_procedures2[18] = {
                .pc_xdrressize = ST+AT+1+NFSSVC_MAXBLKSIZE_V2/4,
        },
        [NFSPROC_WRITECACHE] = {
+               .pc_func = nfsd_proc_writecache,
                .pc_decode = nfssvc_decode_void,
                .pc_encode = nfssvc_encode_void,
                .pc_argsize = sizeof(struct nfsd_void),
Mirror https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git