From: Andrew Deason
Date: Thu, 17 Dec 2009 21:16:50 +0000 (-0600)
Subject: Check viced FetchData length for cache bypass
X-Git-Tag: openafs-devel-1_5_69~82
X-Git-Url: https://git.openafs.org/?p=openafs.git;a=commitdiff_plain;h=1f23ff72e9d0b555c44dca90a92c6379e5d52f3a
Check viced FetchData length for cache bypass
Same fix as change I413393a7bacbf207332d7f904cf396c79b77b6b5, but for the cache bypass code.
Change-Id: Ic181e257f7d0e1892bd10bf14d8d5571b4804d63
Reviewed-on: http://gerrit.openafs.org/1000
Tested-by: Andrew Deason
Reviewed-by: Derrick Brashear
---
diff --git a/src/afs/afs_bypasscache.c b/src/afs/afs_bypasscache.c
index 5ec1fce..dc1f3bd 100644
--- a/src/afs/afs_bypasscache.c
+++ b/src/afs/afs_bypasscache.c
@@ -303,7 +303,8 @@ static afs_int32
 afs_NoCacheFetchProc(register struct rx_call *acall,
 register struct vcache *avc,
 register uio_t *auio,
- afs_int32 release_pages)
+ afs_int32 release_pages,
+ afs_int32 size)
 {
 afs_int32 length;
 afs_int32 code;
@@ -336,6 +337,14 @@ afs_NoCacheFetchProc(register struct rx_call *acall,
 goto done;
 } else
 length = ntohl(length);
+
+ if (length > size) {
+ result = EIO;
+ afs_warn("Preread error. Got length %d, which is greater than size %d\n",
+ length, size);
+ unlock_pages(auio);
+ goto done;
+ }
 
 /*
 * The fetch protocol is extended for the AFS/DFS translator
@@ -606,7 +615,8 @@ afs_PrefetchNoCache(register struct vcache *avc,
 #endif
 if (code == 0) {
 code = afs_NoCacheFetchProc(tcall, avc, auio,
- 1 /* release_pages */);
+ 1 /* release_pages */,
+ bparms->length);
 } else {
 afs_warn("BYPASS: StartRXAFS_FetchData failed: %d\n", code);
 unlock_pages(auio);
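Review bot: The new `size` parameter in the signature of afs_NoCacheFetchProc (hunk at -303) is undocumented, and the name does not say whether it is the byte count requested from the fileserver or the capacity of `auio`. A comment above the function would settle that, for example `/* size: upper bound on the FetchData length the server may announce; a larger value fails with EIO */`. The function body continues outside this hunk.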
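Review bot: The added bound in the hunk at -336 compares two signed `afs_int32` values, so a wire length with the top bit set is negative after `ntohl()` and passes `length > size` unchallenged. Because the value comes from the fileserver's reply, it should be range-checked on both sides: `if (length < 0 || length > size) {`. The rest of afs_NoCacheFetchProc lies outside this hunk, so whether a negative `length` is handled later needs confirming, but rejecting it here is cheap and keeps the validation in one place.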
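Review bot: At the call in afs_PrefetchNoCache (hunk at -606), `bparms->length` is passed into an `afs_int32` parameter, and its declared type is not visible here. If the field is wider or unsigned, the implicit conversion could truncate or go negative, which would either reject valid replies or change what the new check enforces. It is also worth confirming that this is the same length sent in the StartRXAFS_FetchData request and that it never exceeds the space described by `auio`, since the check is only as strong as that bound. A short comment at the call such as `/* bound the reply by the length we requested */` would record the intent.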