Commit 776bd5c7 authored Mar 18, 2009 by Chuck Lever Committed by Trond Myklebust Mar 28, 2009

SUNRPC: Don't flag empty RPCB_GETADDR reply as bogus



In 2007, commit e65fe397 added
additional sanity checking to rpcb_decode_getaddr() to make sure we
were getting a reply that was long enough to be an actual universal
address.  If the uaddr string isn't long enough, the XDR decoder
returns EIO.

However, an empty string is a valid RPCB_GETADDR response if the
requested service isn't registered.  Moreover, "::.n.m" is also a
valid RPCB_GETADDR response for IPv6 addresses that is shorter
than rpcb_decode_getaddr()'s lower limit of 11.  So this sanity
check introduced a regression for rpcbind requests against IPv6
remotes.

So revert the lower bound check added by commit
e65fe397, and add an explicit check
for an empty uaddr string, similar to libtirpc's rpcb_getaddr(3).

Pointed-out-by: Jeff Layton <jlayton@redhat.com>
Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>

parent 7fe5c398

net/sunrpc/rpcb_clnt.c

+8 −3

Original line number	Diff line number	Diff line
		@@ -703,11 +703,16 @@ static int rpcb_decode_getaddr(struct rpc_rqst req, __be32 p,
		*portp = 0;
		addr_len = ntohl(*p++);

		if (addr_len == 0) {
		dprintk("RPC: rpcb_decode_getaddr: "
		"service is not registered\n");
		return 0;
		}

		/*
		* Simple sanity check. The smallest possible universal
		* address is an IPv4 address string containing 11 bytes.
		* Simple sanity check.
		*/
		if (addr_len < 11 \|\| addr_len > RPCBIND_MAXUADDRLEN)
		if (addr_len > RPCBIND_MAXUADDRLEN)
		goto out_err;

		/*

Admin message