From: Andrew Deason Date: Thu, 17 Dec 2009 20:59:44 +0000 (-0600) Subject: Do not trust FetchData length from fileservers X-Git-Tag: openafs-devel-1_5_69~97 X-Git-Url: https://git.michaelhowe.org/gitweb/?a=commitdiff_plain;h=c7b92a3018044f7aca4d9a77644e5c06ef64d1e9;p=packages%2Fo%2Fopenafs.git Do not trust FetchData length from fileservers Currently the Unix CM implicitly trusts that the length from a FetchData request from a fileserver will always be less than the requested length. If the fileserver sends more data than requested, we can use up more cache space than we intended, possibly exceeding the cacheinfo cache limits. Add a check for this, and return EIO to the caller if the fileserver responds with too much data. Change-Id: I413393a7bacbf207332d7f904cf396c79b77b6b5 Reviewed-on: http://gerrit.openafs.org/996 Tested-by: Andrew Deason Reviewed-by: Derrick Brashear Tested-by: Derrick Brashear --- diff --git a/src/afs/afs_fetchstore.c b/src/afs/afs_fetchstore.c index bf0031657..5ddd58649 100644 --- a/src/afs/afs_fetchstore.c +++ b/src/afs/afs_fetchstore.c @@ -989,6 +989,19 @@ rxfs_fetchInit(struct afs_conn *tc, struct vcache *avc, afs_offs_t base, } else code = -1; + if (*alength > size) { + /* The fileserver told us it is going to send more data than we + * requested. It shouldn't do that, and accepting that much data + * can make us take up more cache space than we're supposed to, + * so error. */ + code = rx_Error(v->call); + RX_AFS_GUNLOCK(); + code1 = rx_EndCall(v->call, code); + RX_AFS_GLOCK(); + v->call = NULL; + code = EIO; + } + if (!code && code1) code = code1;