aboutsummaryrefslogtreecommitdiffstats
path: root/fs
diff options
context:
space:
mode:
authorChuck Lever <chuck.lever@oracle.com>2008-10-03 12:50:44 -0400
committerJ. Bruce Fields <bfields@citi.umich.edu>2008-10-03 17:02:35 -0400
commitb85e4676344fc4d7ec5e0f62c3d3712e48bbe223 (patch)
treea2a6c0226ea0f72536477dff2e123245a3621d9d /fs
parentdcff09f124f71d1d4fe61eb63c79e52f488ac22e (diff)
lockd: Add helper to sanity check incoming NOTIFY requests
lockd accepts SM_NOTIFY calls only from a privileged process on the local system. If lockd uses an AF_INET6 listener, the sender's address (ie the local rpc.statd) will be the IPv6 loopback address, not the IPv4 loopback address. Make sure the privilege test in nlmsvc_proc_sm_notify() and nlm4svc_proc_sm_notify() works for both AF_INET and AF_INET6 family addresses by refactoring the test into a helper and adding support for IPv6 addresses. Signed-off-by: Chuck Lever <chuck.lever@oracle.com> Signed-off-by: J. Bruce Fields <bfields@citi.umich.edu>
Diffstat (limited to 'fs')
-rw-r--r--fs/lockd/svc4proc.c6
-rw-r--r--fs/lockd/svcproc.c6
2 files changed, 4 insertions, 8 deletions
diff --git a/fs/lockd/svc4proc.c b/fs/lockd/svc4proc.c
index 50ee8eb139ab..014f6ce48172 100644
--- a/fs/lockd/svc4proc.c
+++ b/fs/lockd/svc4proc.c
@@ -421,11 +421,9 @@ nlm4svc_proc_sm_notify(struct svc_rqst *rqstp, struct nlm_reboot *argp,
421{ 421{
422 struct sockaddr_in saddr; 422 struct sockaddr_in saddr;
423 423
424 memcpy(&saddr, svc_addr_in(rqstp), sizeof(saddr));
425
426 dprintk("lockd: SM_NOTIFY called\n"); 424 dprintk("lockd: SM_NOTIFY called\n");
427 if (saddr.sin_addr.s_addr != htonl(INADDR_LOOPBACK) 425
428 || ntohs(saddr.sin_port) >= 1024) { 426 if (!nlm_privileged_requester(rqstp)) {
429 char buf[RPC_MAX_ADDRBUFLEN]; 427 char buf[RPC_MAX_ADDRBUFLEN];
430 printk(KERN_WARNING "lockd: rejected NSM callback from %s\n", 428 printk(KERN_WARNING "lockd: rejected NSM callback from %s\n",
431 svc_print_addr(rqstp, buf, sizeof(buf))); 429 svc_print_addr(rqstp, buf, sizeof(buf)));
diff --git a/fs/lockd/svcproc.c b/fs/lockd/svcproc.c
index 935ce967a6a1..548b0bb2b84d 100644
--- a/fs/lockd/svcproc.c
+++ b/fs/lockd/svcproc.c
@@ -453,11 +453,9 @@ nlmsvc_proc_sm_notify(struct svc_rqst *rqstp, struct nlm_reboot *argp,
453{ 453{
454 struct sockaddr_in saddr; 454 struct sockaddr_in saddr;
455 455
456 memcpy(&saddr, svc_addr_in(rqstp), sizeof(saddr));
457
458 dprintk("lockd: SM_NOTIFY called\n"); 456 dprintk("lockd: SM_NOTIFY called\n");
459 if (saddr.sin_addr.s_addr != htonl(INADDR_LOOPBACK) 457
460 || ntohs(saddr.sin_port) >= 1024) { 458 if (!nlm_privileged_requester(rqstp)) {
461 char buf[RPC_MAX_ADDRBUFLEN]; 459 char buf[RPC_MAX_ADDRBUFLEN];
462 printk(KERN_WARNING "lockd: rejected NSM callback from %s\n", 460 printk(KERN_WARNING "lockd: rejected NSM callback from %s\n",
463 svc_print_addr(rqstp, buf, sizeof(buf))); 461 svc_print_addr(rqstp, buf, sizeof(buf)));