only in patch2: --- openafs/src/afs/LINUX/osi_vnodeops.c 19 Mar 2009 04:54:50 -0000 1.81.2.77 +++ openafs/src/afs/LINUX/osi_vnodeops.c 4 Apr 2009 12:33:39 -0000 @@ -45,6 +45,10 @@ #define pageoff(pp) pp->offset #endif +#ifndef MAX_ERRNO +#define MAX_ERRNO 1000L +#endif + #if defined(AFS_LINUX26_ENV) #define UnlockPage(pp) unlock_page(pp) extern struct backing_dev_info afs_backing_dev_info; @@ -1087,8 +1091,10 @@ #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,2,10) if (code == ENOENT) return ERR_PTR(0); - else + else if ((code >= 0) && (code <= MAX_ERRNO)) return ERR_PTR(-code); + else + return ERR_PTR(-EIO); #else if (code == ENOENT) code = 0; @@ -1429,7 +1435,10 @@ if (code < 0) { dput(basep); - res = ERR_PTR(code); + if (code < -MAX_ERRNO) + res = ERR_PTR(-EIO); + else + res = ERR_PTR(code); } else { name[code] = '\0'; res = lookup_dentry(name, basep, follow); only in patch2: --- openafs/src/afs/VNOPS/afs_vnop_lookup.c 26 Aug 2008 14:02:14 -0000 1.50.2.22 +++ openafs/src/afs/VNOPS/afs_vnop_lookup.c 4 Apr 2009 12:32:41 -0000 @@ -538,8 +538,6 @@ int nskip; /* # of slots in the LRU queue to skip */ struct vcache *lruvcp; /* vcache ptr of our goal pos in LRU queue */ struct dcache *dcp; /* chunk containing the dir block */ - char *statMemp; /* status memory block */ - char *cbfMemp; /* callback and fid memory block */ afs_size_t temp; /* temp for holding chunk length, &c. */ struct AFSFid *fidsp; /* file IDs were collecting */ struct AFSCallBack *cbsp; /* call back pointers */ @@ -597,13 +595,11 @@ * one for fids and callbacks, and one for stat info. Well set * up our pointers to the memory from there, too. */ - statMemp = osi_AllocLargeSpace(nentries * sizeof(AFSFetchStatus)); - statsp = (struct AFSFetchStatus *)statMemp; - cbfMemp = - osi_AllocLargeSpace(nentries * - (sizeof(AFSCallBack) + sizeof(AFSFid))); - fidsp = (AFSFid *) cbfMemp; - cbsp = (AFSCallBack *) (cbfMemp + nentries * sizeof(AFSFid)); + statsp = (AFSFetchStatus *) + osi_Alloc(AFSCBMAX * sizeof(AFSFetchStatus)); + fidsp = (AFSFid *) osi_AllocLargeSpace(nentries * sizeof(AFSFid)); + cbsp = (AFSCallBack *) + osi_Alloc(AFSCBMAX * sizeof(AFSCallBack)); /* next, we must iterate over the directory, starting from the specified * cookie offset (dirCookie), and counting out nentries file entries. @@ -1081,7 +1077,7 @@ afs_PutVolume(volp, READ_LOCK); /* If we did the InlineBulk RPC pull out the return code */ - if (inlinebulk) { + if (inlinebulk && code == 0) { if ((&statsp[0])->errorCode) { afs_Analyze(tcp, (&statsp[0])->errorCode, &adp->fid, areqp, AFS_STATS_FS_RPCIDX_BULKSTATUS, SHARED_LOCK, NULL); @@ -1091,8 +1087,9 @@ code = 0; } done2: - osi_FreeLargeSpace(statMemp); - osi_FreeLargeSpace(cbfMemp); + osi_FreeLargeSpace((char *)fidsp); + osi_Free((char *)statsp, AFSCBMAX * sizeof(AFSFetchStatus)); + osi_Free((char *)cbsp, AFSCBMAX * sizeof(AFSCallBack)); return code; } only in patch2: --- openafs/src/sys/rmtsysc.c 28 Nov 2007 05:08:11 -0000 1.11.2.5 +++ openafs/src/sys/rmtsysc.c 4 Apr 2009 12:32:41 -0000 @@ -241,8 +241,14 @@ InData.rmtbulk_len = data->in_size; InData.rmtbulk_val = inbuffer; inparam_conversion(cmd, InData.rmtbulk_val, 0); - OutData.rmtbulk_len = data->out_size; - OutData.rmtbulk_val = data->out; + + OutData.rmtbulk_len = MAXBUFFERLEN * sizeof(*OutData.rmtbulk_val); + OutData.rmtbulk_val = malloc(OutData.rmtbulk_len); + if (!OutData.rmtbulk_val) { + free(inbuffer); + return -1; + } + /* We always need to pass absolute pathnames to the remote pioctl since we * lose the current directory value when doing an rpc call. Below we * prepend the current absolute path directory, if the name is relative */ @@ -279,8 +285,15 @@ if (!errorcode) { /* Do the conversions back to the host order; store the results back * on the same buffer */ - outparam_conversion(cmd, OutData.rmtbulk_val, 1); + if (data->out_size < OutData.rmtbulk_len) { + errno = EINVAL; + errorcode = -1; + } else { + memcpy(data->out, OutData.rmtbulk_val, data->out_size); + outparam_conversion(cmd, data->out, 1); + } } + free(OutData.rmtbulk_val); free(inbuffer); return errorcode; }