aboutsummaryrefslogtreecommitdiffstats
path: root/net/sunrpc/auth_gss
diff options
context:
space:
mode:
authorLinus Torvalds <torvalds@linux-foundation.org>2013-05-10 12:28:55 -0400
committerLinus Torvalds <torvalds@linux-foundation.org>2013-05-10 12:28:55 -0400
commit2dbd3cac87250a0d44e07acc86c4224a08522709 (patch)
tree4f31fdf50bfe64616aca1c4e2405930fd5b15e84 /net/sunrpc/auth_gss
parenta77c005887a6d6f318117176791efa0ef7fcca80 (diff)
parent7255e716b1757dc10fa5e3a4d2eaab303ff9f7b6 (diff)
Merge branch 'for-3.10' of git://linux-nfs.org/~bfields/linux
Pull nfsd fixes from Bruce Fields: "Small fixes for two bugs and two warnings" * 'for-3.10' of git://linux-nfs.org/~bfields/linux: nfsd: fix oops when legacy_recdir_name_error is passed a -ENOENT error SUNRPC: fix decoding of optional gss-proxy xdr fields SUNRPC: Refactor gssx_dec_option_array() to kill uninitialized warning nfsd4: don't allow owner override on 4.1 CLAIM_FH opens
Diffstat (limited to 'net/sunrpc/auth_gss')
-rw-r--r--net/sunrpc/auth_gss/gss_rpc_xdr.c58
1 files changed, 30 insertions, 28 deletions
diff --git a/net/sunrpc/auth_gss/gss_rpc_xdr.c b/net/sunrpc/auth_gss/gss_rpc_xdr.c
index 5c4c61d527e2..357f613df7ff 100644
--- a/net/sunrpc/auth_gss/gss_rpc_xdr.c
+++ b/net/sunrpc/auth_gss/gss_rpc_xdr.c
@@ -21,16 +21,6 @@
21#include <linux/sunrpc/svcauth.h> 21#include <linux/sunrpc/svcauth.h>
22#include "gss_rpc_xdr.h" 22#include "gss_rpc_xdr.h"
23 23
24static bool gssx_check_pointer(struct xdr_stream *xdr)
25{
26 __be32 *p;
27
28 p = xdr_reserve_space(xdr, 4);
29 if (unlikely(p == NULL))
30 return -ENOSPC;
31 return *p?true:false;
32}
33
34static int gssx_enc_bool(struct xdr_stream *xdr, int v) 24static int gssx_enc_bool(struct xdr_stream *xdr, int v)
35{ 25{
36 __be32 *p; 26 __be32 *p;
@@ -264,25 +254,27 @@ static int gssx_dec_option_array(struct xdr_stream *xdr,
264 if (unlikely(p == NULL)) 254 if (unlikely(p == NULL))
265 return -ENOSPC; 255 return -ENOSPC;
266 count = be32_to_cpup(p++); 256 count = be32_to_cpup(p++);
267 if (count != 0) { 257 if (!count)
268 /* we recognize only 1 currently: CREDS_VALUE */ 258 return 0;
269 oa->count = 1;
270 259
271 oa->data = kmalloc(sizeof(struct gssx_option), GFP_KERNEL); 260 /* we recognize only 1 currently: CREDS_VALUE */
272 if (!oa->data) 261 oa->count = 1;
273 return -ENOMEM;
274 262
275 creds = kmalloc(sizeof(struct svc_cred), GFP_KERNEL); 263 oa->data = kmalloc(sizeof(struct gssx_option), GFP_KERNEL);
276 if (!creds) { 264 if (!oa->data)
277 kfree(oa->data); 265 return -ENOMEM;
278 return -ENOMEM;
279 }
280 266
281 oa->data[0].option.data = CREDS_VALUE; 267 creds = kmalloc(sizeof(struct svc_cred), GFP_KERNEL);
282 oa->data[0].option.len = sizeof(CREDS_VALUE); 268 if (!creds) {
283 oa->data[0].value.data = (void *)creds; 269 kfree(oa->data);
284 oa->data[0].value.len = 0; 270 return -ENOMEM;
285 } 271 }
272
273 oa->data[0].option.data = CREDS_VALUE;
274 oa->data[0].option.len = sizeof(CREDS_VALUE);
275 oa->data[0].value.data = (void *)creds;
276 oa->data[0].value.len = 0;
277
286 for (i = 0; i < count; i++) { 278 for (i = 0; i < count; i++) {
287 gssx_buffer dummy = { 0, NULL }; 279 gssx_buffer dummy = { 0, NULL };
288 u32 length; 280 u32 length;
@@ -800,6 +792,7 @@ int gssx_dec_accept_sec_context(struct rpc_rqst *rqstp,
800 struct xdr_stream *xdr, 792 struct xdr_stream *xdr,
801 struct gssx_res_accept_sec_context *res) 793 struct gssx_res_accept_sec_context *res)
802{ 794{
795 u32 value_follows;
803 int err; 796 int err;
804 797
805 /* res->status */ 798 /* res->status */
@@ -808,7 +801,10 @@ int gssx_dec_accept_sec_context(struct rpc_rqst *rqstp,
808 return err; 801 return err;
809 802
810 /* res->context_handle */ 803 /* res->context_handle */
811 if (gssx_check_pointer(xdr)) { 804 err = gssx_dec_bool(xdr, &value_follows);
805 if (err)
806 return err;
807 if (value_follows) {
812 err = gssx_dec_ctx(xdr, res->context_handle); 808 err = gssx_dec_ctx(xdr, res->context_handle);
813 if (err) 809 if (err)
814 return err; 810 return err;
@@ -817,7 +813,10 @@ int gssx_dec_accept_sec_context(struct rpc_rqst *rqstp,
817 } 813 }
818 814
819 /* res->output_token */ 815 /* res->output_token */
820 if (gssx_check_pointer(xdr)) { 816 err = gssx_dec_bool(xdr, &value_follows);
817 if (err)
818 return err;
819 if (value_follows) {
821 err = gssx_dec_buffer(xdr, res->output_token); 820 err = gssx_dec_buffer(xdr, res->output_token);
822 if (err) 821 if (err)
823 return err; 822 return err;
@@ -826,7 +825,10 @@ int gssx_dec_accept_sec_context(struct rpc_rqst *rqstp,
826 } 825 }
827 826
828 /* res->delegated_cred_handle */ 827 /* res->delegated_cred_handle */
829 if (gssx_check_pointer(xdr)) { 828 err = gssx_dec_bool(xdr, &value_follows);
829 if (err)
830 return err;
831 if (value_follows) {
830 /* we do not support upcall servers sending this data. */ 832 /* we do not support upcall servers sending this data. */
831 return -EINVAL; 833 return -EINVAL;
832 } 834 }