diff options
author | Jeff Layton <jlayton@kernel.org> | 2022-09-26 18:38:44 +0200 |
---|---|---|
committer | Chuck Lever <chuck.lever@oracle.com> | 2022-09-26 20:23:44 +0200 |
commit | 4d01416ab41540bb13ec4a39ac4e6c4aa5934bc9 (patch) | |
tree | 29803f7035c97f1c8c8169d96baf8c6a99d774fb | |
parent | NFSD: fix use-after-free on source server when doing inter-server copy (diff) | |
download | linux-4d01416ab41540bb13ec4a39ac4e6c4aa5934bc9.tar.xz linux-4d01416ab41540bb13ec4a39ac4e6c4aa5934bc9.zip |
nfsd: only fill out return pointer on success in nfsd4_lookup_stateid
In the case of a revoked delegation, we still fill out the pointer even
when returning an error, which is bad form. Only overwrite the pointer
on success.
Signed-off-by: Jeff Layton <jlayton@kernel.org>
Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
-rw-r--r-- | fs/nfsd/nfs4state.c | 10 |
1 files changed, 6 insertions, 4 deletions
diff --git a/fs/nfsd/nfs4state.c b/fs/nfsd/nfs4state.c index bf80ecbc5de7..6b9be5a33f01 100644 --- a/fs/nfsd/nfs4state.c +++ b/fs/nfsd/nfs4state.c @@ -6266,6 +6266,7 @@ nfsd4_lookup_stateid(struct nfsd4_compound_state *cstate, struct nfs4_stid **s, struct nfsd_net *nn) { __be32 status; + struct nfs4_stid *stid; bool return_revoked = false; /* @@ -6288,15 +6289,16 @@ nfsd4_lookup_stateid(struct nfsd4_compound_state *cstate, } if (status) return status; - *s = find_stateid_by_type(cstate->clp, stateid, typemask); - if (!*s) + stid = find_stateid_by_type(cstate->clp, stateid, typemask); + if (!stid) return nfserr_bad_stateid; - if (((*s)->sc_type == NFS4_REVOKED_DELEG_STID) && !return_revoked) { - nfs4_put_stid(*s); + if ((stid->sc_type == NFS4_REVOKED_DELEG_STID) && !return_revoked) { + nfs4_put_stid(stid); if (cstate->minorversion) return nfserr_deleg_revoked; return nfserr_bad_stateid; } + *s = stid; return nfs_ok; } |