From c7b92a3018044f7aca4d9a77644e5c06ef64d1e9 Mon Sep 17 00:00:00 2001 From: Andrew Deason Date: Thu, 17 Dec 2009 14:59:44 -0600 Subject: [PATCH] Do not trust FetchData length from fileservers Currently the Unix CM implicitly trusts that the length from a FetchData request from a fileserver will always be less than the requested length. If the fileserver sends more data than requested, we can use up more cache space than we intended, possibly exceeding the cacheinfo cache limits. Add a check for this, and return EIO to the caller if the fileserver responds with too much data. Change-Id: I413393a7bacbf207332d7f904cf396c79b77b6b5 Reviewed-on: http://gerrit.openafs.org/996 Tested-by: Andrew Deason Reviewed-by: Derrick Brashear Tested-by: Derrick Brashear --- src/afs/afs_fetchstore.c | 13 +++++++++++++ 1 file changed, 13 insertions(+) diff --git a/src/afs/afs_fetchstore.c b/src/afs/afs_fetchstore.c index bf00316..5ddd586 100644 --- a/src/afs/afs_fetchstore.c +++ b/src/afs/afs_fetchstore.c @@ -989,6 +989,19 @@ rxfs_fetchInit(struct afs_conn *tc, struct vcache *avc, afs_offs_t base, } else code = -1; + if (*alength > size) { + /* The fileserver told us it is going to send more data than we + * requested. It shouldn't do that, and accepting that much data + * can make us take up more cache space than we're supposed to, + * so error. */ + code = rx_Error(v->call); + RX_AFS_GUNLOCK(); + code1 = rx_EndCall(v->call, code); + RX_AFS_GLOCK(); + v->call = NULL; + code = EIO; + } + if (!code && code1) code = code1; -- 1.9.4