aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorJ. Bruce Fields <bfields@redhat.com>2013-05-07 17:45:20 -0400
committerJ. Bruce Fields <bfields@redhat.com>2013-05-07 17:45:20 -0400
commitfb43f11c666a4f99f23f0be4fa528dcd288c0da2 (patch)
tree0cbd44e178322a537c83faa576686e2463c4ccc7
parent9fd40c5a66be0b0a5d65362ec139968ba6d1f412 (diff)
SUNRPC: fix decoding of optional gss-proxy xdr fields
The current code works, but sort of by accident: it obviously didn't intend the error return to be interpreted as "true". Reported-by: Dan Carpenter <dan.carpenter@oracle.com> Signed-off-by: J. Bruce Fields <bfields@redhat.com>
-rw-r--r--net/sunrpc/auth_gss/gss_rpc_xdr.c26
1 files changed, 13 insertions, 13 deletions
diff --git a/net/sunrpc/auth_gss/gss_rpc_xdr.c b/net/sunrpc/auth_gss/gss_rpc_xdr.c
index a1e1b1ab515b..357f613df7ff 100644
--- a/net/sunrpc/auth_gss/gss_rpc_xdr.c
+++ b/net/sunrpc/auth_gss/gss_rpc_xdr.c
@@ -21,16 +21,6 @@
21#include <linux/sunrpc/svcauth.h> 21#include <linux/sunrpc/svcauth.h>
22#include "gss_rpc_xdr.h" 22#include "gss_rpc_xdr.h"
23 23
24static bool gssx_check_pointer(struct xdr_stream *xdr)
25{
26 __be32 *p;
27
28 p = xdr_reserve_space(xdr, 4);
29 if (unlikely(p == NULL))
30 return -ENOSPC;
31 return *p?true:false;
32}
33
34static int gssx_enc_bool(struct xdr_stream *xdr, int v) 24static int gssx_enc_bool(struct xdr_stream *xdr, int v)
35{ 25{
36 __be32 *p; 26 __be32 *p;
@@ -802,6 +792,7 @@ int gssx_dec_accept_sec_context(struct rpc_rqst *rqstp,
802 struct xdr_stream *xdr, 792 struct xdr_stream *xdr,
803 struct gssx_res_accept_sec_context *res) 793 struct gssx_res_accept_sec_context *res)
804{ 794{
795 u32 value_follows;
805 int err; 796 int err;
806 797
807 /* res->status */ 798 /* res->status */
@@ -810,7 +801,10 @@ int gssx_dec_accept_sec_context(struct rpc_rqst *rqstp,
810 return err; 801 return err;
811 802
812 /* res->context_handle */ 803 /* res->context_handle */
813 if (gssx_check_pointer(xdr)) { 804 err = gssx_dec_bool(xdr, &value_follows);
805 if (err)
806 return err;
807 if (value_follows) {
814 err = gssx_dec_ctx(xdr, res->context_handle); 808 err = gssx_dec_ctx(xdr, res->context_handle);
815 if (err) 809 if (err)
816 return err; 810 return err;
@@ -819,7 +813,10 @@ int gssx_dec_accept_sec_context(struct rpc_rqst *rqstp,
819 } 813 }
820 814
821 /* res->output_token */ 815 /* res->output_token */
822 if (gssx_check_pointer(xdr)) { 816 err = gssx_dec_bool(xdr, &value_follows);
817 if (err)
818 return err;
819 if (value_follows) {
823 err = gssx_dec_buffer(xdr, res->output_token); 820 err = gssx_dec_buffer(xdr, res->output_token);
824 if (err) 821 if (err)
825 return err; 822 return err;
@@ -828,7 +825,10 @@ int gssx_dec_accept_sec_context(struct rpc_rqst *rqstp,
828 } 825 }
829 826
830 /* res->delegated_cred_handle */ 827 /* res->delegated_cred_handle */
831 if (gssx_check_pointer(xdr)) { 828 err = gssx_dec_bool(xdr, &value_follows);
829 if (err)
830 return err;
831 if (value_follows) {
832 /* we do not support upcall servers sending this data. */ 832 /* we do not support upcall servers sending this data. */
833 return -EINVAL; 833 return -EINVAL;
834 } 834 }