Do not trust FetchData length from fileservers

Currently the Unix CM implicitly trusts that the length from a FetchData
request from a fileserver will always be less than the requested length.
If the fileserver sends more data than requested, we can use up more
cache space than we intended, possibly exceeding the cacheinfo cache
limits.

Add a check for this, and return EIO to the caller if the fileserver
responds with too much data.

Reviewed-on: http://gerrit.openafs.org/996
Tested-by: Andrew Deason <adeason@sinenomine.net>
Reviewed-by: Derrick Brashear <shadow@dementia.org>
Tested-by: Derrick Brashear <shadow@dementia.org>
(cherry picked from commit c7b92a3018044f7aca4d9a77644e5c06ef64d1e9)

Change-Id: Ibbbc989cfb6522bb7d3c3003d31931549812d18e
Reviewed-on: http://gerrit.openafs.org/1002
Reviewed-by: Derrick Brashear <shadow@dementia.org>
Tested-by: Derrick Brashear <shadow@dementia.org>

diff --git a/src/afs/afs_dcache.c b/src/afs/afs_dcache.c
index 1ee51e6d5d3f3609b0f112d7eb10562eef47f665..f99191073baa1efa8152b77fdb40b9b66618ce79 100644 (file)
--- a/src/afs/afs_dcache.c
+++ b/src/afs/afs_dcache.c
@@ -2208,6 +2208,20 @@ afs_GetDCache(register struct vcache *avc, afs_size_t abyte,
                        }
                    }
 #endif /* AFS_64BIT_CLIENT */
+
+                   if (length > size) {
+                       /* The fileserver told us it is going to send more data
+                        * than we requested. It shouldn't do that, and
+                        * accepting that much data can make us take up more
+                        * cache space than we're supposed to, so error. */
+                       code = rx_Error(tcall);
+                       RX_AFS_GUNLOCK();
+                       code1 = rx_EndCall(tcall, code);
+                       RX_AFS_GLOCK();
+                       tcall = (struct rx_call *)0;
+                       code = EIO;
+                   }
+
                    if (code == 0) {
 
 #ifndef AFS_NOSTATS