linux/net/sunrpc
J. Bruce Fields 49a068f82a rpc: fix xdr_truncate_encode to handle buffer ending on page boundary
A struct xdr_stream at a page boundary might point to the end of one
page or the beginning of the next, but xdr_truncate_encode isn't
prepared to handle the former.

This can cause corruption of NFSv4 READDIR replies in the case that a
readdir entry that would have exceeded the client's dircount/maxcount
limit would have ended exactly on a 4k page boundary.  You're more
likely to hit this case on large directories.

Other xdr_truncate_encode callers are probably also affected.

Reported-by: Holger Hoffstätte <holger.hoffstaette@googlemail.com>
Tested-by: Holger Hoffstätte <holger.hoffstaette@googlemail.com>
Fixes: 3e19ce762b "rpc: xdr_truncate_encode"
Cc: stable@vger.kernel.org
Signed-off-by: J. Bruce Fields <bfields@redhat.com>
2015-01-07 14:03:58 -05:00
..
auth_gss sunrpc: move rq_splice_ok flag into rq_flags 2014-12-09 11:22:21 -05:00
xprtrdma NFS: Client side changes for RDMA 2014-11-26 17:37:13 -05:00
addr.c replace strict_strto calls 2014-07-12 18:45:49 -04:00
auth.c sunrpc: eliminate RPC_DEBUG 2014-11-24 17:31:46 -05:00
auth_generic.c sunrpc: eliminate RPC_DEBUG 2014-11-24 17:31:46 -05:00
auth_null.c sunrpc: eliminate RPC_DEBUG 2014-11-24 17:31:46 -05:00
auth_unix.c sunrpc: eliminate RPC_DEBUG 2014-11-24 17:31:46 -05:00
backchannel_rqst.c sunrpc: eliminate RPC_DEBUG 2014-11-24 17:31:46 -05:00
bc_svc.c SUNRPC: remove BUG_ON from bc_send 2012-11-04 14:43:41 -05:00
cache.c sunrpc/cache: convert to use string_escape_str() 2014-12-09 11:30:20 -05:00
clnt.c sunrpc: add debugfs file for displaying client rpc_task queue 2014-11-27 13:14:51 -05:00
debugfs.c sunrpc: add a debugfs rpc_xprt directory with an info file in it 2014-11-27 13:14:52 -05:00
Kconfig sunrpc: add debugfs file for displaying client rpc_task queue 2014-11-27 13:14:51 -05:00
Makefile sunrpc: add debugfs file for displaying client rpc_task queue 2014-11-27 13:14:51 -05:00
netns.h Merge branch 'for-3.14' of git://linux-nfs.org/~bfields/linux 2014-01-30 10:18:43 -08:00
rpc_pipe.c rpc_pipe: Drop memory allocation cast 2014-07-12 18:43:44 -04:00
rpcb_clnt.c sunrpc: eliminate RPC_DEBUG 2014-11-24 17:31:46 -05:00
sched.c sunrpc: eliminate RPC_TRACEPOINTS 2014-11-24 17:33:12 -05:00
socklib.c net: Save software checksum complete 2014-06-11 15:46:13 -07:00
stats.c SUNRPC: serialize iostats updates 2014-11-25 16:22:15 -05:00
sunrpc.h SUNRPC: track whether a request is coming from a loop-back interface. 2014-05-22 15:59:18 -04:00
sunrpc_syms.c sunrpc: add debugfs file for displaying client rpc_task queue 2014-11-27 13:14:51 -05:00
svc.c sunrpc: convert to lockless lookup of queued server threads 2014-12-09 11:22:22 -05:00
svc_xprt.c sunrpc: only call test_bit once in svc_xprt_received 2014-12-09 11:29:14 -05:00
svcauth.c nfsd4: better reservation of head space for krb5 2014-05-30 17:32:17 -04:00
svcauth_unix.c svcrpc: fix failures to handle -1 uid's 2013-07-08 17:27:23 -04:00
svcsock.c sunrpc: move rq_local field to rq_flags 2014-12-09 11:21:21 -05:00
sysctl.c sunrpc: eliminate RPC_DEBUG 2014-11-24 17:31:46 -05:00
timer.c
xdr.c rpc: fix xdr_truncate_encode to handle buffer ending on page boundary 2015-01-07 14:03:58 -05:00
xprt.c sunrpc: add a debugfs rpc_xprt directory with an info file in it 2014-11-27 13:14:52 -05:00
xprtsock.c sunrpc: eliminate RPC_DEBUG 2014-11-24 17:31:46 -05:00