Revision e6838a29ecb484c97e4efef9429643b9851fba6e authored by J. Bruce Fields on 21 April 2017, 20:10:18 UTC, committed by J. Bruce Fields on 25 April 2017, 20:34:37 UTC
A client can append random data to the end of an NFSv2 or NFSv3 RPC call without our complaining; we'll just stop parsing at the end of the expected data and ignore the rest. Encoded arguments and replies are stored together in an array of pages, and if a call is too large it could leave inadequate space for the reply. This is normally OK because NFS RPC's typically have either short arguments and long replies (like READ) or long arguments and short replies (like WRITE). But a client that sends an incorrectly long reply can violate those assumptions. This was observed to cause crashes. Also, several operations increment rq_next_page in the decode routine before checking the argument size, which can leave rq_next_page pointing well past the end of the page array, causing trouble later in svc_free_pages. So, following a suggestion from Neil Brown, add a central check to enforce our expectation that no NFSv2/v3 call has both a large call and a large reply. As followup we may also want to rewrite the encoding routines to check more carefully that they aren't running off the end of the page array. We may also consider rejecting calls that have any extra garbage appended. That would be safer, and within our rights by spec, but given the age of our server and the NFS protocol, and the fact that we've never enforced this before, we may need to balance that against the possibility of breaking some oddball client. Reported-by: Tuomas Haanpää <thaan@synopsys.com> Reported-by: Ari Kauppi <ari@synopsys.com> Cc: stable@vger.kernel.org Reviewed-by: NeilBrown <neilb@suse.com> Signed-off-by: J. Bruce Fields <bfields@redhat.com>
1 parent 5a7ad11
config
#!/bin/bash
# Manipulate options in a .config file from the command line
myname=${0##*/}
# If no prefix forced, use the default CONFIG_
CONFIG_="${CONFIG_-CONFIG_}"
usage() {
cat >&2 <<EOL
Manipulate options in a .config file from the command line.
Usage:
$myname options command ...
commands:
--enable|-e option Enable option
--disable|-d option Disable option
--module|-m option Turn option into a module
--set-str option string
Set option to "string"
--set-val option value
Set option to value
--undefine|-u option Undefine option
--state|-s option Print state of option (n,y,m,undef)
--enable-after|-E beforeopt option
Enable option directly after other option
--disable-after|-D beforeopt option
Disable option directly after other option
--module-after|-M beforeopt option
Turn option into module directly after other option
commands can be repeated multiple times
options:
--file config-file .config file to change (default .config)
--keep-case|-k Keep next symbols' case (dont' upper-case it)
$myname doesn't check the validity of the .config file. This is done at next
make time.
By default, $myname will upper-case the given symbol. Use --keep-case to keep
the case of all following symbols unchanged.
$myname uses 'CONFIG_' as the default symbol prefix. Set the environment
variable CONFIG_ to the prefix to use. Eg.: CONFIG_="FOO_" $myname ...
EOL
exit 1
}
checkarg() {
ARG="$1"
if [ "$ARG" = "" ] ; then
usage
fi
case "$ARG" in
${CONFIG_}*)
ARG="${ARG/${CONFIG_}/}"
;;
esac
if [ "$MUNGE_CASE" = "yes" ] ; then
ARG="`echo $ARG | tr a-z A-Z`"
fi
}
txt_append() {
local anchor="$1"
local insert="$2"
local infile="$3"
local tmpfile="$infile.swp"
# sed append cmd: 'a\' + newline + text + newline
cmd="$(printf "a\\%b$insert" "\n")"
sed -e "/$anchor/$cmd" "$infile" >"$tmpfile"
# replace original file with the edited one
mv "$tmpfile" "$infile"
}
txt_subst() {
local before="$1"
local after="$2"
local infile="$3"
local tmpfile="$infile.swp"
sed -e "s:$before:$after:" "$infile" >"$tmpfile"
# replace original file with the edited one
mv "$tmpfile" "$infile"
}
txt_delete() {
local text="$1"
local infile="$2"
local tmpfile="$infile.swp"
sed -e "/$text/d" "$infile" >"$tmpfile"
# replace original file with the edited one
mv "$tmpfile" "$infile"
}
set_var() {
local name=$1 new=$2 before=$3
name_re="^($name=|# $name is not set)"
before_re="^($before=|# $before is not set)"
if test -n "$before" && grep -Eq "$before_re" "$FN"; then
txt_append "^$before=" "$new" "$FN"
txt_append "^# $before is not set" "$new" "$FN"
elif grep -Eq "$name_re" "$FN"; then
txt_subst "^$name=.*" "$new" "$FN"
txt_subst "^# $name is not set" "$new" "$FN"
else
echo "$new" >>"$FN"
fi
}
undef_var() {
local name=$1
txt_delete "^$name=" "$FN"
txt_delete "^# $name is not set" "$FN"
}
if [ "$1" = "--file" ]; then
FN="$2"
if [ "$FN" = "" ] ; then
usage
fi
shift 2
else
FN=.config
fi
if [ "$1" = "" ] ; then
usage
fi
MUNGE_CASE=yes
while [ "$1" != "" ] ; do
CMD="$1"
shift
case "$CMD" in
--keep-case|-k)
MUNGE_CASE=no
continue
;;
--refresh)
;;
--*-after|-E|-D|-M)
checkarg "$1"
A=$ARG
checkarg "$2"
B=$ARG
shift 2
;;
-*)
checkarg "$1"
shift
;;
esac
case "$CMD" in
--enable|-e)
set_var "${CONFIG_}$ARG" "${CONFIG_}$ARG=y"
;;
--disable|-d)
set_var "${CONFIG_}$ARG" "# ${CONFIG_}$ARG is not set"
;;
--module|-m)
set_var "${CONFIG_}$ARG" "${CONFIG_}$ARG=m"
;;
--set-str)
# sed swallows one level of escaping, so we need double-escaping
set_var "${CONFIG_}$ARG" "${CONFIG_}$ARG=\"${1//\"/\\\\\"}\""
shift
;;
--set-val)
set_var "${CONFIG_}$ARG" "${CONFIG_}$ARG=$1"
shift
;;
--undefine|-u)
undef_var "${CONFIG_}$ARG"
;;
--state|-s)
if grep -q "# ${CONFIG_}$ARG is not set" $FN ; then
echo n
else
V="$(grep "^${CONFIG_}$ARG=" $FN)"
if [ $? != 0 ] ; then
echo undef
else
V="${V/#${CONFIG_}$ARG=/}"
V="${V/#\"/}"
V="${V/%\"/}"
V="${V//\\\"/\"}"
echo "${V}"
fi
fi
;;
--enable-after|-E)
set_var "${CONFIG_}$B" "${CONFIG_}$B=y" "${CONFIG_}$A"
;;
--disable-after|-D)
set_var "${CONFIG_}$B" "# ${CONFIG_}$B is not set" "${CONFIG_}$A"
;;
--module-after|-M)
set_var "${CONFIG_}$B" "${CONFIG_}$B=m" "${CONFIG_}$A"
;;
# undocumented because it ignores --file (fixme)
--refresh)
yes "" | make oldconfig
;;
*)
usage
;;
esac
done
Computing file changes ...
