nfsd: wrong index used in inner loop
Mi Jinlong [Fri, 11 Mar 2011 04:13:55 +0000 (12:13 +0800)]
We must not use dummy for index.
After the first index, READ32(dummy) will change dummy!!!!

Signed-off-by: Mi Jinlong <mijinlong@cn.fujitsu.com>
[bfields@redhat.com: Trond points out READ_BUF alone is sufficient.]
Cc: stable@kernel.org
Signed-off-by: J. Bruce Fields <bfields@redhat.com>

fs/nfsd/nfs4xdr.c

index 615f0a9..c6766af 100644 (file)
@@ -1142,7 +1142,7 @@ nfsd4_decode_create_session(struct nfsd4_compoundargs *argp,
 
        u32 dummy;
        char *machine_name;
-       int i, j;
+       int i;
        int nr_secflavs;
 
        READ_BUF(16);
@@ -1215,8 +1215,6 @@ nfsd4_decode_create_session(struct nfsd4_compoundargs *argp,
                        READ_BUF(4);
                        READ32(dummy);
                        READ_BUF(dummy * 4);
-                       for (j = 0; j < dummy; ++j)
-                               READ32(dummy);
                        break;
                case RPC_AUTH_GSS:
                        dprintk("RPC_AUTH_GSS callback secflavor "
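Review bot: `READ_BUF(dummy * 4)` multiplies a count that `READ32(dummy)` has just taken from the request, and because `dummy` is declared `u32` the product wraps for counts of 0x40000000 and above. The length handed to READ_BUF can then be far smaller than the array the client declared, so the decoder would presumably carry on out of step with the stream instead of rejecting the request. READ_BUF's definition is outside this hunk, so its exact bounds behaviour should be confirmed. Bounding the count before the multiplication closes this, e.g. `if (dummy > 0x3fffffff)` followed by the function's existing decode-error exit, or a tighter limit if the protocol defines one for this array. The enclosing switch and function begin and end outside the hunk.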
@@ -1232,7 +1230,6 @@ nfsd4_decode_create_session(struct nfsd4_compoundargs *argp,
                        READ_BUF(4);
                        READ32(dummy);
                        READ_BUF(dummy);
-                       p += XDR_QUADLEN(dummy);
                        break;
                default:
                        dprintk("Illegal callback secflavor\n");
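Review bot: Nothing at `READ_BUF(dummy)` in the RPC_AUTH_GSS case says that these bytes are skipped on purpose, and the removed `p += XDR_QUADLEN(dummy);` shows how easily a second advance gets added. A short comment would guard against that, e.g. `/* skip dummy bytes; READ_BUF already consumes them, do not adjust p again */`. This relies on the commit message's statement that READ_BUF alone is sufficient, since the macro itself is not visible here. The same comment would fit the `READ_BUF(dummy * 4)` line in the previous hunk.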