aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorJ. Bruce Fields <bfields@citi.umich.edu>2008-07-03 15:26:35 -0400
committerLinus Torvalds <torvalds@linux-foundation.org>2008-07-03 15:46:56 -0400
commitb620754bfeb8b0e0c6622b03d5ee2f1af1d3082f (patch)
treea91c96f8200904a0fe4224f05a43698b2f8cb4cb
parent97055a915720fe1aff9ac71c17fae60e929d4ed6 (diff)
svcrpc: fix handling of garbage args
To return garbage_args, the accept_stat must be 0, and we must have a verifier. So we shouldn't be resetting the write pointer as we reject the call. Also, we must add the two placeholder words here regardless of success of the unwrap, to ensure the output buffer is left in a consistent state for svcauth_gss_release(). This fixes a BUG() in svcauth_gss.c:svcauth_gss_release(). Thanks to Aime Le Rouzic for bug report, debugging help, and testing. Signed-off-by: J. Bruce Fields <bfields@citi.umich.edu> Tested-by: Aime Le Rouzic <aime.le-rouzic@bull.net> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
-rw-r--r--net/sunrpc/auth_gss/svcauth_gss.c12
1 files changed, 5 insertions, 7 deletions
diff --git a/net/sunrpc/auth_gss/svcauth_gss.c b/net/sunrpc/auth_gss/svcauth_gss.c
index 5905d56737d6..81ae3d62a0cc 100644
--- a/net/sunrpc/auth_gss/svcauth_gss.c
+++ b/net/sunrpc/auth_gss/svcauth_gss.c
@@ -1144,20 +1144,20 @@ svcauth_gss_accept(struct svc_rqst *rqstp, __be32 *authp)
1144 case RPC_GSS_SVC_NONE: 1144 case RPC_GSS_SVC_NONE:
1145 break; 1145 break;
1146 case RPC_GSS_SVC_INTEGRITY: 1146 case RPC_GSS_SVC_INTEGRITY:
1147 /* placeholders for length and seq. number: */
1148 svc_putnl(resv, 0);
1149 svc_putnl(resv, 0);
1147 if (unwrap_integ_data(&rqstp->rq_arg, 1150 if (unwrap_integ_data(&rqstp->rq_arg,
1148 gc->gc_seq, rsci->mechctx)) 1151 gc->gc_seq, rsci->mechctx))
1149 goto garbage_args; 1152 goto garbage_args;
1153 break;
1154 case RPC_GSS_SVC_PRIVACY:
1150 /* placeholders for length and seq. number: */ 1155 /* placeholders for length and seq. number: */
1151 svc_putnl(resv, 0); 1156 svc_putnl(resv, 0);
1152 svc_putnl(resv, 0); 1157 svc_putnl(resv, 0);
1153 break;
1154 case RPC_GSS_SVC_PRIVACY:
1155 if (unwrap_priv_data(rqstp, &rqstp->rq_arg, 1158 if (unwrap_priv_data(rqstp, &rqstp->rq_arg,
1156 gc->gc_seq, rsci->mechctx)) 1159 gc->gc_seq, rsci->mechctx))
1157 goto garbage_args; 1160 goto garbage_args;
1158 /* placeholders for length and seq. number: */
1159 svc_putnl(resv, 0);
1160 svc_putnl(resv, 0);
1161 break; 1161 break;
1162 default: 1162 default:
1163 goto auth_err; 1163 goto auth_err;
@@ -1170,8 +1170,6 @@ svcauth_gss_accept(struct svc_rqst *rqstp, __be32 *authp)
1170 goto out; 1170 goto out;
1171 } 1171 }
1172garbage_args: 1172garbage_args:
1173 /* Restore write pointer to its original value: */
1174 xdr_ressize_check(rqstp, reject_stat);
1175 ret = SVC_GARBAGE; 1173 ret = SVC_GARBAGE;
1176 goto out; 1174 goto out;
1177auth_err: 1175auth_err: