diff -u --recursive --new-file v2.4.13/linux/fs/nfs/nfs2xdr.c linux/fs/nfs/nfs2xdr.c
--- v2.4.13/linux/fs/nfs/nfs2xdr.c Fri Feb 9 11:29:44 2001
+++ linux/fs/nfs/nfs2xdr.c Fri Nov 2 17:40:09 2001
@@ -471,6 +471,8 @@
 for (nr = 0; *p++; nr++) {
 entry = p - 1;
+ if (p + 2 > end)
+ goto short_pkt;
 p++; /* fileid */
 len = ntohl(*p++);
 p += XDR_QUADLEN(len) + 1; /* name plus cookie */
@@ -479,13 +481,13 @@
 len);
 return -errno_NFSERR_IO;
 }
- if (p + 2 > end) {
- printk(KERN_NOTICE
- "NFS: short packet in readdir reply!\n");
- entry[0] = entry[1] = 0;
- break;
- }
+ if (p + 2 > end)
+ goto short_pkt;
 }
+ return nr;
+ short_pkt:
+ printk(KERN_NOTICE "NFS: short packet in readdir reply!\n");
+ entry[0] = entry[1] = 0;
 return nr;
 }
diff -u --recursive --new-file v2.4.13/linux/fs/nfs/nfs3xdr.c linux/fs/nfs/nfs3xdr.c
--- v2.4.13/linux/fs/nfs/nfs3xdr.c Fri Feb 9 11:29:44 2001
+++ linux/fs/nfs/nfs3xdr.c Fri Nov 2 17:40:09 2001
@@ -594,6 +594,8 @@
 end = (u32 *) ((u8 *) p + iov[1].iov_len);
 for (nr = 0; *p++; nr++) {
 entry = p - 1;
+ if (p + 3 > end)
+ goto short_pkt;
 p += 2; /* inode # */
 len = ntohl(*p++); /* string length */
 p += XDR_QUADLEN(len) + 2; /* name + cookie */
@@ -605,10 +607,17 @@
 if (res->plus) {
 /* post_op_attr */
- if (*p++)
+ if (p > end)
+ goto short_pkt;
+ if (*p++) {
 p += 21;
+ if (p > end)
+ goto short_pkt;
+ }
 /* post_op_fh3 */
 if (*p++) {
+ if (p > end)
+ goto short_pkt;
 len = ntohl(*p++);
 if (len > NFS3_FHSIZE) {
 printk(KERN_WARNING "NFS: giant filehandle in "
@@ -619,15 +628,15 @@
 }
 }
- if (p + 2 > end) {
- printk(KERN_NOTICE
- "NFS: short packet in readdir reply!\n");
- /* truncate listing */
- entry[0] = entry[1] = 0;
- break;
- }
+ if (p + 2 > end)
+ goto short_pkt;
 }
+ return nr;
+ short_pkt:
+ printk(KERN_NOTICE "NFS: short packet in readdir reply!\n");
+ /* truncate listing */
+ entry[0] = entry[1] = 0;
 return nr;
 }
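Review bot: The `p + 2 > end` test added at the top of the nfs2xdr.c loop body runs only after the `for` condition `*p++` has already read the marker word, so the first iteration still depends on a bound set up before the loop, which this hunk does not show. The `short_pkt` path relies on the same bound when it writes `entry[0]` and `entry[1]`. If the caller already guarantees two readable words at `p`, a comment above the `for` such as `/* p + 2 <= end holds on entry to every iteration */` would record it; if not, a guard is needed ahead of the loop. The same applies to the `p + 3 > end` test in the first nfs3xdr.c hunk. The function starts and ends outside this hunk.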
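Review bot: The new `short_pkt:` path in nfs2xdr.c clears `entry[0]` and `entry[1]` without saying why, while the nfs3xdr.c copy keeps `/* truncate listing */`. I would add `/* truncate listing: clear the partial entry's marker and the word after it */` above the assignment in both files so the two decoders read the same. The `printk` on this path is triggered by data from the server and nothing in the visible lines limits its rate, so a faulty or hostile server can emit one notice per reply. Limiting it would keep the log usable, and the same holds for the last nfs3xdr.c hunk.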
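Review bot: The three `if (p > end)` tests added under `res->plus` still let `p == end` through, so the `*p++` that follows each one can read the word at `end`, which is one past the buffer given how `end` is derived from `iov[1].iov_len` in the previous hunk. When the post_op_attr marker is zero there is also no test at all between that read and the `*p++` of the post_op_fh3 marker. Each read should be preceded by a test that requires one readable word, as in the sketch below, which also lets the braces around `p += 21` go. The NFS3_FHSIZE check and the rest of the branch continue outside the hunk.

```c
		if (res->plus) {
			/* post_op_attr */
			if (p + 1 > end)
				goto short_pkt;
			if (*p++)
				p += 21;
			/* post_op_fh3 */
			if (p + 1 > end)
				goto short_pkt;
			if (*p++) {
				if (p + 1 > end)
					goto short_pkt;
				len = ntohl(*p++);
				/* … unchanged: NFS3_FHSIZE check, continues past the hunk … */
```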