Date: Tue, 29 Sep 1998 15:33:06 -0700 (PDT) From: Kirk McKusick <mckusick@FreeBSD.ORG> To: cvs-committers@FreeBSD.ORG, cvs-all@FreeBSD.ORG Subject: cvs commit: src/sys/nfs nfs_socket.c Message-ID: <199809292233.PAA23495@freefall.freebsd.org>
next in thread | raw e-mail | index | archive | help
mckusick 1998/09/29 15:33:06 PDT
Modified files:
sys/nfs nfs_socket.c
Log:
The code checks each fragment mark to see if it's valid; if the fragment
is less than NFS_MINPACKET or greater than NFS_MAXPACKET in size, it
barfs and, I think, drops the connection.
However, there's no guarantee that in a multi-fragment RPC, all the
fragments will be at least as large as NFS_MINPACKET.
In fact, with the version of "tclnfs" we have here, which supports NFS
over TCP, at least when built under SunOS 4.1.3 (i.e., with 4.1.3's
user-mode ONC RPC library), I can *repeatably* cause "tclnfs" to send a
request with more than one fragment, one of which is only 8 bytes long.
I just do a 3877-byte write to a file, at an offset of 0.
The check that "slp->ns_reclen" is greater than or equal to
NFS_MINPACKET serves no useful purpose - if the NFS server code can't
handle packets < NFS_MINPACKET bytes, it can't handle them over *any*
protocol, so the check has to be done above the RPC-over-TCP layer - and
should be removed.
Obtained from: Fix from Guy Harris, forwarded by Rick Macklem.
Revision Changes Path
1.46 +2 -2 src/sys/nfs/nfs_socket.c
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199809292233.PAA23495>