diff options
author | Linus Torvalds <torvalds@linux-foundation.org> | 2013-05-10 12:28:55 -0400 |
---|---|---|
committer | Linus Torvalds <torvalds@linux-foundation.org> | 2013-05-10 12:28:55 -0400 |
commit | 2dbd3cac87250a0d44e07acc86c4224a08522709 (patch) | |
tree | 4f31fdf50bfe64616aca1c4e2405930fd5b15e84 /net/sunrpc/auth_gss | |
parent | a77c005887a6d6f318117176791efa0ef7fcca80 (diff) | |
parent | 7255e716b1757dc10fa5e3a4d2eaab303ff9f7b6 (diff) |
Merge branch 'for-3.10' of git://linux-nfs.org/~bfields/linux
Pull nfsd fixes from Bruce Fields:
"Small fixes for two bugs and two warnings"
* 'for-3.10' of git://linux-nfs.org/~bfields/linux:
nfsd: fix oops when legacy_recdir_name_error is passed a -ENOENT error
SUNRPC: fix decoding of optional gss-proxy xdr fields
SUNRPC: Refactor gssx_dec_option_array() to kill uninitialized warning
nfsd4: don't allow owner override on 4.1 CLAIM_FH opens
Diffstat (limited to 'net/sunrpc/auth_gss')
-rw-r--r-- | net/sunrpc/auth_gss/gss_rpc_xdr.c | 58 |
1 files changed, 30 insertions, 28 deletions
diff --git a/net/sunrpc/auth_gss/gss_rpc_xdr.c b/net/sunrpc/auth_gss/gss_rpc_xdr.c index 5c4c61d527e2..357f613df7ff 100644 --- a/net/sunrpc/auth_gss/gss_rpc_xdr.c +++ b/net/sunrpc/auth_gss/gss_rpc_xdr.c | |||
@@ -21,16 +21,6 @@ | |||
21 | #include <linux/sunrpc/svcauth.h> | 21 | #include <linux/sunrpc/svcauth.h> |
22 | #include "gss_rpc_xdr.h" | 22 | #include "gss_rpc_xdr.h" |
23 | 23 | ||
24 | static bool gssx_check_pointer(struct xdr_stream *xdr) | ||
25 | { | ||
26 | __be32 *p; | ||
27 | |||
28 | p = xdr_reserve_space(xdr, 4); | ||
29 | if (unlikely(p == NULL)) | ||
30 | return -ENOSPC; | ||
31 | return *p?true:false; | ||
32 | } | ||
33 | |||
34 | static int gssx_enc_bool(struct xdr_stream *xdr, int v) | 24 | static int gssx_enc_bool(struct xdr_stream *xdr, int v) |
35 | { | 25 | { |
36 | __be32 *p; | 26 | __be32 *p; |
@@ -264,25 +254,27 @@ static int gssx_dec_option_array(struct xdr_stream *xdr, | |||
264 | if (unlikely(p == NULL)) | 254 | if (unlikely(p == NULL)) |
265 | return -ENOSPC; | 255 | return -ENOSPC; |
266 | count = be32_to_cpup(p++); | 256 | count = be32_to_cpup(p++); |
267 | if (count != 0) { | 257 | if (!count) |
268 | /* we recognize only 1 currently: CREDS_VALUE */ | 258 | return 0; |
269 | oa->count = 1; | ||
270 | 259 | ||
271 | oa->data = kmalloc(sizeof(struct gssx_option), GFP_KERNEL); | 260 | /* we recognize only 1 currently: CREDS_VALUE */ |
272 | if (!oa->data) | 261 | oa->count = 1; |
273 | return -ENOMEM; | ||
274 | 262 | ||
275 | creds = kmalloc(sizeof(struct svc_cred), GFP_KERNEL); | 263 | oa->data = kmalloc(sizeof(struct gssx_option), GFP_KERNEL); |
276 | if (!creds) { | 264 | if (!oa->data) |
277 | kfree(oa->data); | 265 | return -ENOMEM; |
278 | return -ENOMEM; | ||
279 | } | ||
280 | 266 | ||
281 | oa->data[0].option.data = CREDS_VALUE; | 267 | creds = kmalloc(sizeof(struct svc_cred), GFP_KERNEL); |
282 | oa->data[0].option.len = sizeof(CREDS_VALUE); | 268 | if (!creds) { |
283 | oa->data[0].value.data = (void *)creds; | 269 | kfree(oa->data); |
284 | oa->data[0].value.len = 0; | 270 | return -ENOMEM; |
285 | } | 271 | } |
272 | |||
273 | oa->data[0].option.data = CREDS_VALUE; | ||
274 | oa->data[0].option.len = sizeof(CREDS_VALUE); | ||
275 | oa->data[0].value.data = (void *)creds; | ||
276 | oa->data[0].value.len = 0; | ||
277 | |||
286 | for (i = 0; i < count; i++) { | 278 | for (i = 0; i < count; i++) { |
287 | gssx_buffer dummy = { 0, NULL }; | 279 | gssx_buffer dummy = { 0, NULL }; |
288 | u32 length; | 280 | u32 length; |
@@ -800,6 +792,7 @@ int gssx_dec_accept_sec_context(struct rpc_rqst *rqstp, | |||
800 | struct xdr_stream *xdr, | 792 | struct xdr_stream *xdr, |
801 | struct gssx_res_accept_sec_context *res) | 793 | struct gssx_res_accept_sec_context *res) |
802 | { | 794 | { |
795 | u32 value_follows; | ||
803 | int err; | 796 | int err; |
804 | 797 | ||
805 | /* res->status */ | 798 | /* res->status */ |
@@ -808,7 +801,10 @@ int gssx_dec_accept_sec_context(struct rpc_rqst *rqstp, | |||
808 | return err; | 801 | return err; |
809 | 802 | ||
810 | /* res->context_handle */ | 803 | /* res->context_handle */ |
811 | if (gssx_check_pointer(xdr)) { | 804 | err = gssx_dec_bool(xdr, &value_follows); |
805 | if (err) | ||
806 | return err; | ||
807 | if (value_follows) { | ||
812 | err = gssx_dec_ctx(xdr, res->context_handle); | 808 | err = gssx_dec_ctx(xdr, res->context_handle); |
813 | if (err) | 809 | if (err) |
814 | return err; | 810 | return err; |
@@ -817,7 +813,10 @@ int gssx_dec_accept_sec_context(struct rpc_rqst *rqstp, | |||
817 | } | 813 | } |
818 | 814 | ||
819 | /* res->output_token */ | 815 | /* res->output_token */ |
820 | if (gssx_check_pointer(xdr)) { | 816 | err = gssx_dec_bool(xdr, &value_follows); |
817 | if (err) | ||
818 | return err; | ||
819 | if (value_follows) { | ||
821 | err = gssx_dec_buffer(xdr, res->output_token); | 820 | err = gssx_dec_buffer(xdr, res->output_token); |
822 | if (err) | 821 | if (err) |
823 | return err; | 822 | return err; |
@@ -826,7 +825,10 @@ int gssx_dec_accept_sec_context(struct rpc_rqst *rqstp, | |||
826 | } | 825 | } |
827 | 826 | ||
828 | /* res->delegated_cred_handle */ | 827 | /* res->delegated_cred_handle */ |
829 | if (gssx_check_pointer(xdr)) { | 828 | err = gssx_dec_bool(xdr, &value_follows); |
829 | if (err) | ||
830 | return err; | ||
831 | if (value_follows) { | ||
830 | /* we do not support upcall servers sending this data. */ | 832 | /* we do not support upcall servers sending this data. */ |
831 | return -EINVAL; | 833 | return -EINVAL; |
832 | } | 834 | } |