diff options
| author | Kinglong Mee <kinglongmee@gmail.com> | 2014-09-02 10:14:31 -0400 |
|---|---|---|
| committer | J. Bruce Fields <bfields@redhat.com> | 2014-09-03 17:43:03 -0400 |
| commit | 13c82e8eb515ea84de4e3a1a097137bd3d5c2cc5 (patch) | |
| tree | f46fca5bca21b40f2c5a45b90a969a33313e1a44 /fs/nfsd | |
| parent | 48c348b09c6b35b1cf6f2125d1d4fd7c962dd79d (diff) | |
NFSD: Full checking of authentication name
Signed-off-by: Kinglong Mee <kinglongmee@gmail.com>
Signed-off-by: J. Bruce Fields <bfields@redhat.com>
Diffstat (limited to 'fs/nfsd')
| -rw-r--r-- | fs/nfsd/nfs4idmap.c | 14 |
1 files changed, 5 insertions, 9 deletions
diff --git a/fs/nfsd/nfs4idmap.c b/fs/nfsd/nfs4idmap.c index dc948f667650..e1b3d3d472da 100644 --- a/fs/nfsd/nfs4idmap.c +++ b/fs/nfsd/nfs4idmap.c | |||
| @@ -215,7 +215,8 @@ idtoname_parse(struct cache_detail *cd, char *buf, int buflen) | |||
| 215 | memset(&ent, 0, sizeof(ent)); | 215 | memset(&ent, 0, sizeof(ent)); |
| 216 | 216 | ||
| 217 | /* Authentication name */ | 217 | /* Authentication name */ |
| 218 | if (qword_get(&buf, buf1, PAGE_SIZE) <= 0) | 218 | len = qword_get(&buf, buf1, PAGE_SIZE); |
| 219 | if (len <= 0 || len >= IDMAP_NAMESZ) | ||
| 219 | goto out; | 220 | goto out; |
| 220 | memcpy(ent.authname, buf1, sizeof(ent.authname)); | 221 | memcpy(ent.authname, buf1, sizeof(ent.authname)); |
| 221 | 222 | ||
| @@ -245,12 +246,10 @@ idtoname_parse(struct cache_detail *cd, char *buf, int buflen) | |||
| 245 | /* Name */ | 246 | /* Name */ |
| 246 | error = -EINVAL; | 247 | error = -EINVAL; |
| 247 | len = qword_get(&buf, buf1, PAGE_SIZE); | 248 | len = qword_get(&buf, buf1, PAGE_SIZE); |
| 248 | if (len < 0) | 249 | if (len < 0 || len >= IDMAP_NAMESZ) |
| 249 | goto out; | 250 | goto out; |
| 250 | if (len == 0) | 251 | if (len == 0) |
| 251 | set_bit(CACHE_NEGATIVE, &ent.h.flags); | 252 | set_bit(CACHE_NEGATIVE, &ent.h.flags); |
| 252 | else if (len >= IDMAP_NAMESZ) | ||
| 253 | goto out; | ||
| 254 | else | 253 | else |
| 255 | memcpy(ent.name, buf1, sizeof(ent.name)); | 254 | memcpy(ent.name, buf1, sizeof(ent.name)); |
| 256 | error = -ENOMEM; | 255 | error = -ENOMEM; |
| @@ -259,15 +258,12 @@ idtoname_parse(struct cache_detail *cd, char *buf, int buflen) | |||
| 259 | goto out; | 258 | goto out; |
| 260 | 259 | ||
| 261 | cache_put(&res->h, cd); | 260 | cache_put(&res->h, cd); |
| 262 | |||
| 263 | error = 0; | 261 | error = 0; |
| 264 | out: | 262 | out: |
| 265 | kfree(buf1); | 263 | kfree(buf1); |
| 266 | |||
| 267 | return error; | 264 | return error; |
| 268 | } | 265 | } |
| 269 | 266 | ||
| 270 | |||
| 271 | static struct ent * | 267 | static struct ent * |
| 272 | idtoname_lookup(struct cache_detail *cd, struct ent *item) | 268 | idtoname_lookup(struct cache_detail *cd, struct ent *item) |
| 273 | { | 269 | { |
| @@ -381,7 +377,8 @@ nametoid_parse(struct cache_detail *cd, char *buf, int buflen) | |||
| 381 | memset(&ent, 0, sizeof(ent)); | 377 | memset(&ent, 0, sizeof(ent)); |
| 382 | 378 | ||
| 383 | /* Authentication name */ | 379 | /* Authentication name */ |
| 384 | if (qword_get(&buf, buf1, PAGE_SIZE) <= 0) | 380 | len = qword_get(&buf, buf1, PAGE_SIZE); |
| 381 | if (len <= 0 || len >= IDMAP_NAMESZ) | ||
| 385 | goto out; | 382 | goto out; |
| 386 | memcpy(ent.authname, buf1, sizeof(ent.authname)); | 383 | memcpy(ent.authname, buf1, sizeof(ent.authname)); |
| 387 | 384 | ||
| @@ -421,7 +418,6 @@ nametoid_parse(struct cache_detail *cd, char *buf, int buflen) | |||
| 421 | error = 0; | 418 | error = 0; |
| 422 | out: | 419 | out: |
| 423 | kfree(buf1); | 420 | kfree(buf1); |
| 424 | |||
| 425 | return (error); | 421 | return (error); |
| 426 | } | 422 | } |
| 427 | 423 | ||