diff options
| author | Chuck Lever <chuck.lever@oracle.com> | 2019-02-11 11:24:58 -0500 |
|---|---|---|
| committer | Anna Schumaker <Anna.Schumaker@Netapp.com> | 2019-02-14 09:11:18 -0500 |
| commit | a0584ee9aed805446b044ce855e67264f0dc619e (patch) | |
| tree | f32c32e668db5a918b86f6562c639f71f353b6cf /net/sunrpc/auth_unix.c | |
| parent | 7f5667a5f8c4ff85b14ccce9d41f9244bd30ab68 (diff) | |
SUNRPC: Use struct xdr_stream when decoding RPC Reply header
Modernize and harden the code path that parses an RPC Reply
message.
Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
Signed-off-by: Anna Schumaker <Anna.Schumaker@Netapp.com>
Diffstat (limited to 'net/sunrpc/auth_unix.c')
| -rw-r--r-- | net/sunrpc/auth_unix.c | 42 |
1 files changed, 23 insertions, 19 deletions
diff --git a/net/sunrpc/auth_unix.c b/net/sunrpc/auth_unix.c index 1d5b7ed9c6f7..5ea84a96f96e 100644 --- a/net/sunrpc/auth_unix.c +++ b/net/sunrpc/auth_unix.c | |||
| @@ -160,29 +160,32 @@ unx_refresh(struct rpc_task *task) | |||
| 160 | return 0; | 160 | return 0; |
| 161 | } | 161 | } |
| 162 | 162 | ||
| 163 | static __be32 * | 163 | static int |
| 164 | unx_validate(struct rpc_task *task, __be32 *p) | 164 | unx_validate(struct rpc_task *task, struct xdr_stream *xdr) |
| 165 | { | 165 | { |
| 166 | rpc_authflavor_t flavor; | 166 | __be32 *p; |
| 167 | u32 size; | 167 | u32 size; |
| 168 | |||
| 169 | flavor = ntohl(*p++); | ||
| 170 | if (flavor != RPC_AUTH_NULL && | ||
| 171 | flavor != RPC_AUTH_UNIX && | ||
| 172 | flavor != RPC_AUTH_SHORT) { | ||
| 173 | printk("RPC: bad verf flavor: %u\n", flavor); | ||
| 174 | return ERR_PTR(-EIO); | ||
| 175 | } | ||
| 176 | 168 | ||
| 177 | size = ntohl(*p++); | 169 | p = xdr_inline_decode(xdr, 2 * sizeof(*p)); |
| 178 | if (size > RPC_MAX_AUTH_SIZE) { | 170 | if (!p) |
| 179 | printk("RPC: giant verf size: %u\n", size); | 171 | return -EIO; |
| 180 | return ERR_PTR(-EIO); | 172 | switch (*p++) { |
| 173 | case rpc_auth_null: | ||
| 174 | case rpc_auth_unix: | ||
| 175 | case rpc_auth_short: | ||
| 176 | break; | ||
| 177 | default: | ||
| 178 | return -EIO; | ||
| 181 | } | 179 | } |
| 182 | task->tk_rqstp->rq_cred->cr_auth->au_rslack = (size >> 2) + 2; | 180 | size = be32_to_cpup(p); |
| 183 | p += (size >> 2); | 181 | if (size > RPC_MAX_AUTH_SIZE) |
| 182 | return -EIO; | ||
| 183 | p = xdr_inline_decode(xdr, size); | ||
| 184 | if (!p) | ||
| 185 | return -EIO; | ||
| 184 | 186 | ||
| 185 | return p; | 187 | task->tk_rqstp->rq_cred->cr_auth->au_rslack = (size >> 2) + 2; |
| 188 | return 0; | ||
| 186 | } | 189 | } |
| 187 | 190 | ||
| 188 | int __init rpc_init_authunix(void) | 191 | int __init rpc_init_authunix(void) |
| @@ -223,4 +226,5 @@ const struct rpc_credops unix_credops = { | |||
| 223 | .crwrap_req = rpcauth_wrap_req_encode, | 226 | .crwrap_req = rpcauth_wrap_req_encode, |
| 224 | .crrefresh = unx_refresh, | 227 | .crrefresh = unx_refresh, |
| 225 | .crvalidate = unx_validate, | 228 | .crvalidate = unx_validate, |
| 229 | .crunwrap_resp = rpcauth_unwrap_resp_decode, | ||
| 226 | }; | 230 | }; |