Do not trust FetchData length from fileservers

Currently the Unix CM implicitly trusts that the length from a FetchData
request from a fileserver will always be less than the requested length.
If the fileserver sends more data than requested, we can use up more
cache space than we intended, possibly exceeding the cacheinfo cache
limits.

Add a check for this, and return EIO to the caller if the fileserver
responds with too much data.

Change-Id: I413393a7bacbf207332d7f904cf396c79b77b6b5
Reviewed-on: http://gerrit.openafs.org/996
Tested-by: Andrew Deason <adeason@sinenomine.net>
Reviewed-by: Derrick Brashear <shadow@dementia.org>
Tested-by: Derrick Brashear <shadow@dementia.org>

diff --git a/src/afs/afs_fetchstore.c b/src/afs/afs_fetchstore.c
index bf00316..5ddd586 100644 (file)
--- a/src/afs/afs_fetchstore.c
+++ b/src/afs/afs_fetchstore.c
@@ -989,6 +989,19 @@ rxfs_fetchInit(struct afs_conn *tc, struct vcache *avc, afs_offs_t base,
     } else
        code = -1;
 
+    if (*alength > size) {
+       /* The fileserver told us it is going to send more data than we
+        * requested. It shouldn't do that, and accepting that much data
+        * can make us take up more cache space than we're supposed to,
+        * so error. */
+       code = rx_Error(v->call);
+       RX_AFS_GUNLOCK();
+       code1 = rx_EndCall(v->call, code);
+       RX_AFS_GLOCK();
+       v->call = NULL;
+       code = EIO;
+    }
+
     if (!code && code1)
        code = code1;