From 89ff884ebbd0a667253dd61ade8a0e70b787c84a Mon Sep 17 00:00:00 2001 From: "J. Bruce Fields" Date: Tue, 11 Mar 2014 17:58:57 -0400 Subject: [PATCH] nfsd4: nfsd4_check_resp_size should check against whole buffer Signed-off-by: J. Bruce Fields --- fs/nfsd/nfs4xdr.c | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/fs/nfsd/nfs4xdr.c b/fs/nfsd/nfs4xdr.c index 8ce6c8d..0eeba21 100644 --- a/fs/nfsd/nfs4xdr.c +++ b/fs/nfsd/nfs4xdr.c @@ -3762,7 +3762,6 @@ __be32 nfsd4_check_resp_size(struct nfsd4_compoundres *resp, u32 respsize) { struct xdr_buf *buf = &resp->rqstp->rq_res; struct nfsd4_session *session = resp->cstate.session; - int slack_bytes = (char *)resp->xdr.end - (char *)resp->xdr.p; if (nfsd4_has_session(&resp->cstate)) { struct nfsd4_slot *slot = resp->cstate.slot; @@ -3775,7 +3774,7 @@ __be32 nfsd4_check_resp_size(struct nfsd4_compoundres *resp, u32 respsize) return nfserr_rep_too_big_to_cache; } - if (respsize > slack_bytes) { + if (buf->len + respsize > buf->buflen) { WARN_ON_ONCE(nfsd4_has_session(&resp->cstate)); return nfserr_resource; } -- 2.7.4