From bb73eec774d611ea5018c8299241ddcd0633e54e Mon Sep 17 00:00:00 2001
From: Casey Bodley
Date: Thu, 7 Oct 2010 13:20:38 -0400
Subject: [PATCH] bug fix: avoid infinite loops by checking for len=0 on read/write

/* we shouldn't ever see this, but a buggy server could
 * send us into an infinite loop. return NFS4ERR_IO */

Signed-off-by: Casey Bodley
---
 daemon/nfs41_ops.c | 16 ++++++++++++++++
 1 file changed, 16 insertions(+)

diff --git a/daemon/nfs41_ops.c b/daemon/nfs41_ops.c
index 2dc3b9a..4c74bad 100644
--- a/daemon/nfs41_ops.c
+++ b/daemon/nfs41_ops.c
@@ -628,6 +628,14 @@ int nfs41_write(
 }
 *bytes_written = write_res.resok4.count;
+
+ /* we shouldn't ever see this, but a buggy server could
+ * send us into an infinite loop. return NFS4ERR_IO */
+ if (!write_res.resok4.count) {
+ status = NFS4ERR_IO;
+ eprintf("WRITE succeeded with count=0; returning %s\n",
+ nfs_error_string(status));
+ }
 out:
 return status;
 }
@@ -680,6 +688,14 @@ int nfs41_read(
 *data_len_out = read_res.resok4.data_len;
 *eof_out = read_res.resok4.eof;
+
+ /* we shouldn't ever see this, but a buggy server could
+ * send us into an infinite loop. return NFS4ERR_IO */
+ if (!read_res.resok4.data_len && !read_res.resok4.eof) {
+ status = NFS4ERR_IO;
+ eprintf("READ succeeded with len=0 and eof=0; returning %s\n",
+ nfs_error_string(status));
+ }
 out:
 return status;
 }
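Review bot: The new `if (!write_res.resok4.count)` guard treats every zero-count reply as a server bug, but NFSv4 lets a WRITE whose requested length is zero succeed with a count of 0, so such a call would now fail with NFS4ERR_IO. Whether any caller issues zero-length writes cannot be seen here, because nfs41_write's signature and the rest of its body lie outside the hunk. If it can happen, condition the check on the request, e.g. `if (!write_res.resok4.count && <requested_len> != 0) {`, where `<requested_len>` is a placeholder for the function's length argument. The READ hunk has the same shape: a zero-length READ that is not at end of file legitimately returns len=0 with eof=0.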
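Review bot: `read_res.resok4.data_len` is a server-supplied value and the added check rejects only the zero case; nothing in this hunk rejects a length larger than the client asked for before it is handed back through `*data_len_out`. The decode path may already bound it, but that code is outside the hunk, so it is worth confirming or adding an explicit limit next to this check, e.g. `if (read_res.resok4.data_len > <requested_count>) status = NFS4ERR_IO;`, with `<requested_count>` a placeholder for nfs41_read's count argument. The same reasoning applies to `write_res.resok4.count` in the nfs41_write hunk, where a count above the bytes sent would let a caller that advances by `*bytes_written` skip data that was never written.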