diff options
author | J. Bruce Fields <bfields@redhat.com> | 2013-05-07 17:45:20 -0400 |
---|---|---|
committer | J. Bruce Fields <bfields@redhat.com> | 2013-05-07 17:45:20 -0400 |
commit | fb43f11c666a4f99f23f0be4fa528dcd288c0da2 (patch) | |
tree | 0cbd44e178322a537c83faa576686e2463c4ccc7 | |
parent | 9fd40c5a66be0b0a5d65362ec139968ba6d1f412 (diff) |
SUNRPC: fix decoding of optional gss-proxy xdr fields
The current code works, but sort of by accident: it obviously didn't
intend the error return to be interpreted as "true".
Reported-by: Dan Carpenter <dan.carpenter@oracle.com>
Signed-off-by: J. Bruce Fields <bfields@redhat.com>
-rw-r--r-- | net/sunrpc/auth_gss/gss_rpc_xdr.c | 26 |
1 files changed, 13 insertions, 13 deletions
diff --git a/net/sunrpc/auth_gss/gss_rpc_xdr.c b/net/sunrpc/auth_gss/gss_rpc_xdr.c index a1e1b1ab515b..357f613df7ff 100644 --- a/net/sunrpc/auth_gss/gss_rpc_xdr.c +++ b/net/sunrpc/auth_gss/gss_rpc_xdr.c | |||
@@ -21,16 +21,6 @@ | |||
21 | #include <linux/sunrpc/svcauth.h> | 21 | #include <linux/sunrpc/svcauth.h> |
22 | #include "gss_rpc_xdr.h" | 22 | #include "gss_rpc_xdr.h" |
23 | 23 | ||
24 | static bool gssx_check_pointer(struct xdr_stream *xdr) | ||
25 | { | ||
26 | __be32 *p; | ||
27 | |||
28 | p = xdr_reserve_space(xdr, 4); | ||
29 | if (unlikely(p == NULL)) | ||
30 | return -ENOSPC; | ||
31 | return *p?true:false; | ||
32 | } | ||
33 | |||
34 | static int gssx_enc_bool(struct xdr_stream *xdr, int v) | 24 | static int gssx_enc_bool(struct xdr_stream *xdr, int v) |
35 | { | 25 | { |
36 | __be32 *p; | 26 | __be32 *p; |
@@ -802,6 +792,7 @@ int gssx_dec_accept_sec_context(struct rpc_rqst *rqstp, | |||
802 | struct xdr_stream *xdr, | 792 | struct xdr_stream *xdr, |
803 | struct gssx_res_accept_sec_context *res) | 793 | struct gssx_res_accept_sec_context *res) |
804 | { | 794 | { |
795 | u32 value_follows; | ||
805 | int err; | 796 | int err; |
806 | 797 | ||
807 | /* res->status */ | 798 | /* res->status */ |
@@ -810,7 +801,10 @@ int gssx_dec_accept_sec_context(struct rpc_rqst *rqstp, | |||
810 | return err; | 801 | return err; |
811 | 802 | ||
812 | /* res->context_handle */ | 803 | /* res->context_handle */ |
813 | if (gssx_check_pointer(xdr)) { | 804 | err = gssx_dec_bool(xdr, &value_follows); |
805 | if (err) | ||
806 | return err; | ||
807 | if (value_follows) { | ||
814 | err = gssx_dec_ctx(xdr, res->context_handle); | 808 | err = gssx_dec_ctx(xdr, res->context_handle); |
815 | if (err) | 809 | if (err) |
816 | return err; | 810 | return err; |
@@ -819,7 +813,10 @@ int gssx_dec_accept_sec_context(struct rpc_rqst *rqstp, | |||
819 | } | 813 | } |
820 | 814 | ||
821 | /* res->output_token */ | 815 | /* res->output_token */ |
822 | if (gssx_check_pointer(xdr)) { | 816 | err = gssx_dec_bool(xdr, &value_follows); |
817 | if (err) | ||
818 | return err; | ||
819 | if (value_follows) { | ||
823 | err = gssx_dec_buffer(xdr, res->output_token); | 820 | err = gssx_dec_buffer(xdr, res->output_token); |
824 | if (err) | 821 | if (err) |
825 | return err; | 822 | return err; |
@@ -828,7 +825,10 @@ int gssx_dec_accept_sec_context(struct rpc_rqst *rqstp, | |||
828 | } | 825 | } |
829 | 826 | ||
830 | /* res->delegated_cred_handle */ | 827 | /* res->delegated_cred_handle */ |
831 | if (gssx_check_pointer(xdr)) { | 828 | err = gssx_dec_bool(xdr, &value_follows); |
829 | if (err) | ||
830 | return err; | ||
831 | if (value_follows) { | ||
832 | /* we do not support upcall servers sending this data. */ | 832 | /* we do not support upcall servers sending this data. */ |
833 | return -EINVAL; | 833 | return -EINVAL; |
834 | } | 834 | } |