svcrpc: don't error out on small tcp fragment

commit 1f691b07c5dc51b2055834f58c0f351defd97f27 upstream.

Though clients we care about mostly don't do this, it is possible for
rpc requests to be sent in multiple fragments.  Here we have a sanity
check to ensure that the final received rpc isn't too small--except that
the number we're actually checking is the length of just the final
fragment, not of the whole rpc.  So a perfectly legal rpc that's
unluckily fragmented could cause the server to close the connection
here.

Signed-off-by: J. Bruce Fields <bfields@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

diff --git a/net/sunrpc/svcsock.c b/net/sunrpc/svcsock.c
index df74919c81c01aa250f28fc1cc32458b4835bf1f..305374d4fb985ec4942040447f91e8d8277ea10d 100644 (file)
--- a/net/sunrpc/svcsock.c
+++ b/net/sunrpc/svcsock.c
@@ -1095,7 +1095,7 @@ static int svc_tcp_recvfrom(struct svc_rqst *rqstp)
                goto err_noclose;
        }
 
-       if (svc_sock_reclen(svsk) < 8) {
+       if (svsk->sk_datalen < 8) {
                svsk->sk_datalen = 0;
                goto err_delete; /* client is nuts. */
        }