From c3f9d4939af90eb8e30119601c86c05bde6c7345 Mon Sep 17 00:00:00 2001 From: wdenk Date: Sun, 14 Mar 2004 00:59:59 +0000 Subject: * Patch by Yuli Barcohen, 4 Mar 2004: Fix problems with GCC 3.3.x which changed handling of global variables explicitly initialized to zero (now in .bss instead of .data as before). * Patch by Leon Kukovec, 02 Mar 2004: add strswab() to fix IDE LBA capacity, firmware and model numbers on little endian machines * Patch by Masami Komiya, 02 Mar 2004: - Remove get_ticks() from NFS code - Add verification of RPC transaction ID * Patch by Pierre Aubert, 02 Mar 2004: cleanup for IDE and USB drivers for MPC5200 --- net/nfs.c | 35 +++++++++++++++++++++-------------- 1 file changed, 21 insertions(+), 14 deletions(-) (limited to 'net/nfs.c') diff --git a/net/nfs.c b/net/nfs.c index 2363d61..ca2a108 100644 --- a/net/nfs.c +++ b/net/nfs.c @@ -37,7 +37,7 @@ #define NFS_TIMEOUT 10 static int fs_mounted = 0; -static unsigned long rpc_id; +static unsigned long rpc_id = 0; static int nfs_offset = -1; static int nfs_len; @@ -123,17 +123,6 @@ dirname (char *path) } /************************************************************************** -RPC_INIT - set up the ID counter to something fairly random -**************************************************************************/ -static void -rpc_init (void) -{ - unsigned long t; - t=get_ticks(); - rpc_id = t ^ (t << 8) ^ (t << 16); -} - -/************************************************************************** RPC_ADD_CREDENTIALS - Add RPC authentication/verifier entries **************************************************************************/ static long *rpc_add_credentials (long *p) @@ -189,7 +178,7 @@ rpc_req (int rpc_prog, int rpc_proc, uint32_t *data, int datalen) int pktlen; int sport; - id = rpc_id++; + id = ++rpc_id; pkt.u.call.id = htonl(id); pkt.u.call.type = htonl(MSG_CALL); pkt.u.call.rpcvers = htonl(2); /* use RPC version 2 */ @@ -410,10 +399,14 @@ rpc_lookup_reply (int prog, uchar *pkt, unsigned len) printf ("%s\n", __FUNCTION__); #endif + if (ntohl(rpc_pkt.u.reply.id) != rpc_id) + return -1; + if (rpc_pkt.u.reply.rstatus || rpc_pkt.u.reply.verifier || rpc_pkt.u.reply.astatus || rpc_pkt.u.reply.astatus) { + return -1; } switch (prog) { @@ -439,6 +432,9 @@ nfs_mount_reply (uchar *pkt, unsigned len) memcpy ((unsigned char *)&rpc_pkt, pkt, len); + if (ntohl(rpc_pkt.u.reply.id) != rpc_id) + return -1; + if (rpc_pkt.u.reply.rstatus || rpc_pkt.u.reply.verifier || rpc_pkt.u.reply.astatus || @@ -463,6 +459,9 @@ nfs_umountall_reply (uchar *pkt, unsigned len) memcpy ((unsigned char *)&rpc_pkt, pkt, len); + if (ntohl(rpc_pkt.u.reply.id) != rpc_id) + return -1; + if (rpc_pkt.u.reply.rstatus || rpc_pkt.u.reply.verifier || rpc_pkt.u.reply.astatus) { @@ -486,6 +485,9 @@ nfs_lookup_reply (uchar *pkt, unsigned len) memcpy ((unsigned char *)&rpc_pkt, pkt, len); + if (ntohl(rpc_pkt.u.reply.id) != rpc_id) + return -1; + if (rpc_pkt.u.reply.rstatus || rpc_pkt.u.reply.verifier || rpc_pkt.u.reply.astatus || @@ -510,6 +512,9 @@ nfs_readlink_reply (uchar *pkt, unsigned len) memcpy ((unsigned char *)&rpc_pkt, pkt, len); + if (ntohl(rpc_pkt.u.reply.id) != rpc_id) + return -1; + if (rpc_pkt.u.reply.rstatus || rpc_pkt.u.reply.verifier || rpc_pkt.u.reply.astatus || @@ -544,6 +549,9 @@ nfs_read_reply (uchar *pkt, unsigned len) memcpy ((uchar *)&rpc_pkt, pkt, sizeof(rpc_pkt.u.reply)); + if (ntohl(rpc_pkt.u.reply.id) != rpc_id) + return -1; + if (rpc_pkt.u.reply.rstatus || rpc_pkt.u.reply.verifier || rpc_pkt.u.reply.astatus || @@ -755,7 +763,6 @@ NfsStart (void) NetSetTimeout (NFS_TIMEOUT * CFG_HZ, NfsTimeout); NetSetHandler (NfsHandler); - rpc_init (); NfsTimeoutCount = 0; NfsState = STATE_PRCLOOKUP_PROG_MOUNT_REQ; -- cgit v1.1