aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorDag-Erling Smørgrav <des@FreeBSD.org>2002-08-01 19:31:55 +0000
committerDag-Erling Smørgrav <des@FreeBSD.org>2002-08-01 19:31:55 +0000
commit1f8ff7349738b1e345a423b0587a5e60fb05ce26 (patch)
treeac5ae200f857eeaab4bea78b0c52f458436ad3bc
parent8469435a8210ec7c5b087ef6b29c118e01d553b0 (diff)
downloadsrc-1f8ff7349738b1e345a423b0587a5e60fb05ce26.tar.gz
src-1f8ff7349738b1e345a423b0587a5e60fb05ce26.zip
MFC (1.78): avoid infinite loop upon receipt of zero-length RPC
Notes
Notes: svn path=/releng/4.4/; revision=101179
-rw-r--r--sys/nfs/nfs_socket.c6
1 files changed, 5 insertions, 1 deletions
diff --git a/sys/nfs/nfs_socket.c b/sys/nfs/nfs_socket.c
index 7d8bec453643..3e1e6442601f 100644
--- a/sys/nfs/nfs_socket.c
+++ b/sys/nfs/nfs_socket.c
@@ -2113,7 +2113,7 @@ nfsrv_getstream(slp, waitflag)
register struct mbuf *m, **mpp;
register char *cp1, *cp2;
register int len;
- struct mbuf *om, *m2, *recm = NULL;
+ struct mbuf *om, *m2, *recm;
u_int32_t recmark;
if (slp->ns_flag & SLP_GETSTREAM)
@@ -2158,7 +2158,11 @@ nfsrv_getstream(slp, waitflag)
/*
* Now get the record part.
+ *
+ * Note that slp->ns_reclen may be 0. Linux sometimes
+ * generates 0-length RPCs
*/
+ recm = NULL;
if (slp->ns_cc == slp->ns_reclen) {
recm = slp->ns_raw;
slp->ns_raw = slp->ns_rawend = (struct mbuf *)0;