diff options
| author | J. Bruce Fields <bfields@redhat.com> | 2015-11-20 16:42:40 -0500 |
|---|---|---|
| committer | J. Bruce Fields <bfields@redhat.com> | 2015-11-24 12:39:18 -0500 |
| commit | 920dd9bb7d7cf9ae339e15240326a28a22f08a74 (patch) | |
| tree | 09637a832f3c4d4d1291ab990e162e903811b4f7 /fs/nfsd | |
| parent | 50c7b948adbd1f8f0475fa0c92abb51c8a49f847 (diff) | |
nfsd: fix unlikely NULL deref in mach_creds_match
We really shouldn't allow a client to be created with cl_mach_cred set
unless it also has a principal name.
This also allows us to fail such cases immediately on EXCHANGE_ID as
opposed to waiting and incorrectly returning WRONG_CRED on the following
CREATE_SESSION.
Signed-off-by: J. Bruce Fields <bfields@redhat.com>
Diffstat (limited to 'fs/nfsd')
| -rw-r--r-- | fs/nfsd/nfs4state.c | 9 |
1 files changed, 9 insertions, 0 deletions
diff --git a/fs/nfsd/nfs4state.c b/fs/nfsd/nfs4state.c index efa3d4c09dab..ed58ced6fa8b 100644 --- a/fs/nfsd/nfs4state.c +++ b/fs/nfsd/nfs4state.c | |||
| @@ -2385,6 +2385,15 @@ nfsd4_exchange_id(struct svc_rqst *rqstp, | |||
| 2385 | status = nfserr_inval; | 2385 | status = nfserr_inval; |
| 2386 | goto out_nolock; | 2386 | goto out_nolock; |
| 2387 | } | 2387 | } |
| 2388 | /* | ||
| 2389 | * Sometimes userspace doesn't give us a principal. | ||
| 2390 | * Which is a bug, really. Anyway, we can't enforce | ||
| 2391 | * MACH_CRED in that case, better to give up now: | ||
| 2392 | */ | ||
| 2393 | if (!new->cl_cred.cr_principal) { | ||
| 2394 | status = nfserr_serverfault; | ||
| 2395 | goto out_nolock; | ||
| 2396 | } | ||
| 2388 | new->cl_mach_cred = true; | 2397 | new->cl_mach_cred = true; |
| 2389 | case SP4_NONE: | 2398 | case SP4_NONE: |
| 2390 | break; | 2399 | break; |