aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorEric W. Biederman <ebiederm@xmission.com>2013-02-02 06:03:04 -0500
committerEric W. Biederman <ebiederm@xmission.com>2013-02-13 09:15:26 -0500
commitf025adf191924e3a75ce80e130afcd2485b53bb8 (patch)
tree5cb0782640600a5df5ea067943ce77bffddcecf4
parent25da9263710ec94c964259c79fa9a3a635cd3a50 (diff)
sunrpc: Properly decode kuids and kgids in RPC_AUTH_UNIX credentials
When reading kuids from the wire map them into the initial user namespace, and validate the mapping succeded. When reading kgids from the wire map them into the initial user namespace, and validate the mapping succeded. Cc: "J. Bruce Fields" <bfields@fieldses.org> Cc: Trond Myklebust <Trond.Myklebust@netapp.com> Signed-off-by: "Eric W. Biederman" <ebiederm@xmission.com>
Diffstat
-rw-r--r--net/sunrpc/svcauth_unix.c6
1 files changed, 4 insertions, 2 deletions
diff --git a/net/sunrpc/svcauth_unix.c b/net/sunrpc/svcauth_unix.c
index bdea0a1b6d1d..a1852e19ed0c 100644
--- a/net/sunrpc/svcauth_unix.c
+++ b/net/sunrpc/svcauth_unix.c
@@ -821,8 +821,10 @@ svcauth_unix_accept(struct svc_rqst *rqstp, __be32 *authp)
821 argv->iov_base = (void*)((__be32*)argv->iov_base + slen); /* skip machname */ 821 argv->iov_base = (void*)((__be32*)argv->iov_base + slen); /* skip machname */
822 argv->iov_len -= slen*4; 822 argv->iov_len -= slen*4;
823 823
824 cred->cr_uid = svc_getnl(argv); /* uid */ 824 cred->cr_uid = make_kuid(&init_user_ns, svc_getnl(argv)); /* uid */
825 cred->cr_gid = svc_getnl(argv); /* gid */ 825 cred->cr_gid = make_kgid(&init_user_ns, svc_getnl(argv)); /* gid */
826 if (!uid_valid(cred->cr_uid) || !gid_valid(cred->cr_gid))
827 goto badcred;
826 slen = svc_getnl(argv); /* gids length */ 828 slen = svc_getnl(argv); /* gids length */
827 if (slen > 16 || (len -= (slen + 2)*4) < 0) 829 if (slen > 16 || (len -= (slen + 2)*4) < 0)
828 goto badcred; 830 goto badcred;
generated by cgit v1.2.2 (git 2.25.0) at 2025-01-15 16:58:29 -0500