From: "J. Bruce Fields" <bfields@fieldses.org>

The comparison here is obviously useless as locations_count is unsigned.

Though fsloc_parse can only be handed data by root, still I'd rather have some
sanity-checking; so set a (generous) maximum number of fslocations to keep the
following kzalloc to a reasonable size.

Signed-off-by: J. Bruce Fields <bfields@citi.umich.edu>
Cc: Manoj Naik <manoj@almaden.ibm.com>
Cc: Fred Isaman <iisaman@citi.umich.edu>
Cc: Neil Brown <neilb@suse.de>
Signed-off-by: Andrew Morton <akpm@osdl.org>
---

 fs/nfsd/export.c            |    2 +-
 include/linux/nfsd/export.h |    3 +++
 2 files changed, 4 insertions(+), 1 deletion(-)

diff -puN fs/nfsd/export.c~knfsd-nfsd4-fslocations-data-structures-nfsd4-fix-fs-locations-bounds-checking fs/nfsd/export.c
--- a/fs/nfsd/export.c~knfsd-nfsd4-fslocations-data-structures-nfsd4-fix-fs-locations-bounds-checking
+++ a/fs/nfsd/export.c
@@ -415,7 +415,7 @@ fsloc_parse(char **mesg, char *buf, stru
 	err = get_int(mesg, &fsloc->locations_count);
 	if (err)
 		return err;
-	if (fsloc->locations_count < 0)
+	if (fsloc->locations_count > MAX_FS_LOCATIONS)
 		return -EINVAL;
 	if (fsloc->locations_count == 0)
 		return 0;
diff -puN include/linux/nfsd/export.h~knfsd-nfsd4-fslocations-data-structures-nfsd4-fix-fs-locations-bounds-checking include/linux/nfsd/export.h
--- a/include/linux/nfsd/export.h~knfsd-nfsd4-fslocations-data-structures-nfsd4-fix-fs-locations-bounds-checking
+++ a/include/linux/nfsd/export.h
@@ -48,6 +48,9 @@
 /*
  * FS Locations
  */
+
+#define MAX_FS_LOCATIONS	128
+
 struct nfsd4_fs_location {
 	char *hosts; /* colon separated list of hosts */
 	char *path;  /* slash separated list of path components */
_