From d69aa27295cec9abad548d1e8b4181babbedc1ef Mon Sep 17 00:00:00 2001
From: Casey Bodley
Date: Mon, 12 Mar 2012 13:43:56 -0400
Subject: [PATCH] readdir: guarantee that entry_buf_len can fit one entry
Signed-off-by: Casey Bodley
---
 daemon/readdir.c | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)
diff --git a/daemon/readdir.c b/daemon/readdir.c
index a6c1a1e..e9dc26d 100644
--- a/daemon/readdir.c
+++ b/daemon/readdir.c
@@ -457,6 +457,9 @@ static int handle_readdir(nfs41_upcall *upcall)
 uint32_t entry_buf_len;
 bitmap4 attr_request;
 bool_t eof;
+ /* make sure we allocate enough space for one nfs41_readdir_entry */
+ const uint32_t max_buf_len = max(args->buf_len,
+ sizeof(nfs41_readdir_entry) + NFS41_MAX_COMPONENT_SIZE);
 dprintf(1, "-> handle_nfs41_dirquery(%s,%d,%d,%d)\n", args->filter, args->initial, args->restart, args->single);
@@ -479,13 +482,13 @@ static int handle_readdir(nfs41_upcall *upcall)
 goto out;
 }
- entry_buf = malloc(args->buf_len);
+ entry_buf = malloc(max_buf_len);
 if (entry_buf == NULL) {
 status = GetLastError();
 goto out_free_cookie;
 }
 fetch_entries:
- entry_buf_len = args->buf_len;
+ entry_buf_len = max_buf_len;
 init_getattr_request(&attr_request);
 attr_request.arr[0] |= FATTR4_WORD0_RDATTR_ERROR;
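Review bot: `max_buf_len` can now exceed `args->buf_len`, so `entry_buf_len` no longer bounds what the caller's buffer can hold, and neither hunk shows the result being checked against `args->buf_len` before it is returned. If the marshalling path outside these hunks copies `entry_buf_len` bytes (or a length derived from it) into a buffer sized by `args->buf_len`, a single oversized entry would overrun it; that path should compare the final length with `args->buf_len` and fail with a buffer-too-small status instead of copying. At minimum the new comment should record the constraint: `/* may exceed args->buf_len; copy-out must still be bounded by args->buf_len */`. Separately, `max()` compares `args->buf_len` with a `size_t` operand and the result is narrowed into `uint32_t`, so a `(uint32_t)` cast on the `sizeof` term would keep the comparison in one type. handle_readdir starts and ends outside both hunks, so the copy-out path could not be checked here.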