#2384 closed defect (fixed)
[PATCH] [NFS client] Respect 2^32 - 1 B NFSv2 maximum file size
Reported by: | Nick Withers | Owned by: | Nick Withers <nick.withers@…> |
---|---|---|---|
Priority: | normal | Milestone: | 4.11.1 |
Component: | fs | Version: | 4.11 |
Severity: | normal | Keywords: | |
Cc: | Blocked By: | ||
Blocking: |
Description
The RTEMS NFS(v2) client in at least 4.11 and master does not range check off_t values before assigning them into NFSv2's on-the-wire 32-bit unsigned file offset field.
Reads from and writes to an offset at or above 4 GiB will currently silently be remapped to the mod 232 location (on two's complement machines at least).
The attached patch checks for negative offsets [1] and out of [0 - UINT32_MAX)-range access in nfs_file_read(), nfs_file_write() and nfs_file_ftruncate(). It doesn't touch the lseek() implementation, so an lseek() past NFSv2 range will still "succeed" - a subsequent read or write there won't. I think this is POSIX-compliant [2], however.
[1] Perhaps unnecessary if it's impossible for a negative offset to be obtained without e.g., an application user twiddling things they shouldn't? lseek() at least does correctly error on obtaining negative offsets
[2] e.g., http://pubs.opengroup.org/onlinepubs/009695399/functions/lseek.html doesn't explicitly seem to require lseek() to fail for out-of range offsets that aren't negative, and it mustn't do a resize itself
Attachments (1)
Change History (3)
Changed on 08/05/15 at 03:41:03 by Nick Withers
Attachment: | nfs-4GiB.patch added |
---|
comment:1 Changed on 08/06/15 at 14:49:59 by Nick Withers <nick.withers@…>
Owner: | set to Nick Withers <nick.withers@…> |
---|---|
Resolution: | → fixed |
Status: | new → closed |
Slight change to patch - we've already converted iop->offset to a uint32_t