aboutsummaryrefslogtreecommitdiffstats
path: root/net/sunrpc
diff options
context:
space:
mode:
authorJ. Bruce Fields <bfields@fieldses.org>2006-03-20 23:23:11 -0500
committerTrond Myklebust <Trond.Myklebust@netapp.com>2006-03-20 23:23:11 -0500
commit9e57b302cf0f27063184196def620f39ca7a5fc6 (patch)
tree3b154f314dfad8c4350af10b87ab7f4759df3f6d /net/sunrpc
parent7a1218a277c45cba1fb8d7089407a1769c645c43 (diff)
SUNRPC,RPCSEC_GSS: remove unnecessary kmalloc of a checksum
Remove unnecessary kmalloc of temporary space to hold the md5 result; it's small enough to just put on the stack. This code may be called to process rpc's necessary to perform writes, so there's a potential deadlock whenever we kmalloc() here. After this a couple kmalloc()'s still remain, to be removed soon. This also fixes a rare double-free on error noticed by coverity. Signed-off-by: J. Bruce Fields <bfields@citi.umich.edu> Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
Diffstat (limited to 'net/sunrpc')
-rw-r--r--net/sunrpc/auth_gss/gss_krb5_seal.c6
-rw-r--r--net/sunrpc/auth_gss/gss_krb5_unseal.c4
-rw-r--r--net/sunrpc/auth_gss/gss_krb5_wrap.c10
-rw-r--r--net/sunrpc/auth_gss/gss_spkm3_seal.c5
-rw-r--r--net/sunrpc/auth_gss/gss_spkm3_unseal.c4
5 files changed, 12 insertions, 17 deletions
diff --git a/net/sunrpc/auth_gss/gss_krb5_seal.c b/net/sunrpc/auth_gss/gss_krb5_seal.c
index d0dfdfd5e79e..58f9721980e2 100644
--- a/net/sunrpc/auth_gss/gss_krb5_seal.c
+++ b/net/sunrpc/auth_gss/gss_krb5_seal.c
@@ -76,7 +76,8 @@ gss_get_mic_kerberos(struct gss_ctx *gss_ctx, struct xdr_buf *text,
76{ 76{
77 struct krb5_ctx *ctx = gss_ctx->internal_ctx_id; 77 struct krb5_ctx *ctx = gss_ctx->internal_ctx_id;
78 s32 checksum_type; 78 s32 checksum_type;
79 struct xdr_netobj md5cksum = {.len = 0, .data = NULL}; 79 char cksumdata[16];
80 struct xdr_netobj md5cksum = {.len = 0, .data = cksumdata};
80 unsigned char *ptr, *krb5_hdr, *msg_start; 81 unsigned char *ptr, *krb5_hdr, *msg_start;
81 s32 now; 82 s32 now;
82 83
@@ -133,8 +134,6 @@ gss_get_mic_kerberos(struct gss_ctx *gss_ctx, struct xdr_buf *text,
133 BUG(); 134 BUG();
134 } 135 }
135 136
136 kfree(md5cksum.data);
137
138 if ((krb5_make_seq_num(ctx->seq, ctx->initiate ? 0 : 0xff, 137 if ((krb5_make_seq_num(ctx->seq, ctx->initiate ? 0 : 0xff,
139 ctx->seq_send, krb5_hdr + 16, krb5_hdr + 8))) 138 ctx->seq_send, krb5_hdr + 16, krb5_hdr + 8)))
140 goto out_err; 139 goto out_err;
@@ -143,6 +142,5 @@ gss_get_mic_kerberos(struct gss_ctx *gss_ctx, struct xdr_buf *text,
143 142
144 return ((ctx->endtime < now) ? GSS_S_CONTEXT_EXPIRED : GSS_S_COMPLETE); 143 return ((ctx->endtime < now) ? GSS_S_CONTEXT_EXPIRED : GSS_S_COMPLETE);
145out_err: 144out_err:
146 kfree(md5cksum.data);
147 return GSS_S_FAILURE; 145 return GSS_S_FAILURE;
148} 146}
diff --git a/net/sunrpc/auth_gss/gss_krb5_unseal.c b/net/sunrpc/auth_gss/gss_krb5_unseal.c
index db055fd7d778..0828cf64100f 100644
--- a/net/sunrpc/auth_gss/gss_krb5_unseal.c
+++ b/net/sunrpc/auth_gss/gss_krb5_unseal.c
@@ -79,7 +79,8 @@ gss_verify_mic_kerberos(struct gss_ctx *gss_ctx,
79 int signalg; 79 int signalg;
80 int sealalg; 80 int sealalg;
81 s32 checksum_type; 81 s32 checksum_type;
82 struct xdr_netobj md5cksum = {.len = 0, .data = NULL}; 82 char cksumdata[16];
83 struct xdr_netobj md5cksum = {.len = 0, .data = cksumdata};
83 s32 now; 84 s32 now;
84 int direction; 85 int direction;
85 s32 seqnum; 86 s32 seqnum;
@@ -176,6 +177,5 @@ gss_verify_mic_kerberos(struct gss_ctx *gss_ctx,
176 177
177 ret = GSS_S_COMPLETE; 178 ret = GSS_S_COMPLETE;
178out: 179out:
179 kfree(md5cksum.data);
180 return ret; 180 return ret;
181} 181}
diff --git a/net/sunrpc/auth_gss/gss_krb5_wrap.c b/net/sunrpc/auth_gss/gss_krb5_wrap.c
index af777cf9f251..346133e446cb 100644
--- a/net/sunrpc/auth_gss/gss_krb5_wrap.c
+++ b/net/sunrpc/auth_gss/gss_krb5_wrap.c
@@ -121,7 +121,8 @@ gss_wrap_kerberos(struct gss_ctx *ctx, int offset,
121{ 121{
122 struct krb5_ctx *kctx = ctx->internal_ctx_id; 122 struct krb5_ctx *kctx = ctx->internal_ctx_id;
123 s32 checksum_type; 123 s32 checksum_type;
124 struct xdr_netobj md5cksum = {.len = 0, .data = NULL}; 124 char cksumdata[16];
125 struct xdr_netobj md5cksum = {.len = 0, .data = cksumdata};
125 int blocksize = 0, plainlen; 126 int blocksize = 0, plainlen;
126 unsigned char *ptr, *krb5_hdr, *msg_start; 127 unsigned char *ptr, *krb5_hdr, *msg_start;
127 s32 now; 128 s32 now;
@@ -205,8 +206,6 @@ gss_wrap_kerberos(struct gss_ctx *ctx, int offset,
205 BUG(); 206 BUG();
206 } 207 }
207 208
208 kfree(md5cksum.data);
209
210 /* XXX would probably be more efficient to compute checksum 209 /* XXX would probably be more efficient to compute checksum
211 * and encrypt at the same time: */ 210 * and encrypt at the same time: */
212 if ((krb5_make_seq_num(kctx->seq, kctx->initiate ? 0 : 0xff, 211 if ((krb5_make_seq_num(kctx->seq, kctx->initiate ? 0 : 0xff,
@@ -221,7 +220,6 @@ gss_wrap_kerberos(struct gss_ctx *ctx, int offset,
221 220
222 return ((kctx->endtime < now) ? GSS_S_CONTEXT_EXPIRED : GSS_S_COMPLETE); 221 return ((kctx->endtime < now) ? GSS_S_CONTEXT_EXPIRED : GSS_S_COMPLETE);
223out_err: 222out_err:
224 if (md5cksum.data) kfree(md5cksum.data);
225 return GSS_S_FAILURE; 223 return GSS_S_FAILURE;
226} 224}
227 225
@@ -232,7 +230,8 @@ gss_unwrap_kerberos(struct gss_ctx *ctx, int offset, struct xdr_buf *buf)
232 int signalg; 230 int signalg;
233 int sealalg; 231 int sealalg;
234 s32 checksum_type; 232 s32 checksum_type;
235 struct xdr_netobj md5cksum = {.len = 0, .data = NULL}; 233 char cksumdata[16];
234 struct xdr_netobj md5cksum = {.len = 0, .data = cksumdata};
236 s32 now; 235 s32 now;
237 int direction; 236 int direction;
238 s32 seqnum; 237 s32 seqnum;
@@ -358,6 +357,5 @@ gss_unwrap_kerberos(struct gss_ctx *ctx, int offset, struct xdr_buf *buf)
358 357
359 ret = GSS_S_COMPLETE; 358 ret = GSS_S_COMPLETE;
360out: 359out:
361 if (md5cksum.data) kfree(md5cksum.data);
362 return ret; 360 return ret;
363} 361}
diff --git a/net/sunrpc/auth_gss/gss_spkm3_seal.c b/net/sunrpc/auth_gss/gss_spkm3_seal.c
index 86fbf7c3e39c..18c7862bc234 100644
--- a/net/sunrpc/auth_gss/gss_spkm3_seal.c
+++ b/net/sunrpc/auth_gss/gss_spkm3_seal.c
@@ -57,7 +57,8 @@ spkm3_make_token(struct spkm3_ctx *ctx,
57{ 57{
58 s32 checksum_type; 58 s32 checksum_type;
59 char tokhdrbuf[25]; 59 char tokhdrbuf[25];
60 struct xdr_netobj md5cksum = {.len = 0, .data = NULL}; 60 char cksumdata[16];
61 struct xdr_netobj md5cksum = {.len = 0, .data = cksumdata};
61 struct xdr_netobj mic_hdr = {.len = 0, .data = tokhdrbuf}; 62 struct xdr_netobj mic_hdr = {.len = 0, .data = tokhdrbuf};
62 int tokenlen = 0; 63 int tokenlen = 0;
63 unsigned char *ptr; 64 unsigned char *ptr;
@@ -115,13 +116,11 @@ spkm3_make_token(struct spkm3_ctx *ctx,
115 dprintk("RPC: gss_spkm3_seal: SPKM_WRAP_TOK not supported\n"); 116 dprintk("RPC: gss_spkm3_seal: SPKM_WRAP_TOK not supported\n");
116 goto out_err; 117 goto out_err;
117 } 118 }
118 kfree(md5cksum.data);
119 119
120 /* XXX need to implement sequence numbers, and ctx->expired */ 120 /* XXX need to implement sequence numbers, and ctx->expired */
121 121
122 return GSS_S_COMPLETE; 122 return GSS_S_COMPLETE;
123out_err: 123out_err:
124 kfree(md5cksum.data);
125 token->data = NULL; 124 token->data = NULL;
126 token->len = 0; 125 token->len = 0;
127 return GSS_S_FAILURE; 126 return GSS_S_FAILURE;
diff --git a/net/sunrpc/auth_gss/gss_spkm3_unseal.c b/net/sunrpc/auth_gss/gss_spkm3_unseal.c
index 96851b0ba1ba..8537f581ef9b 100644
--- a/net/sunrpc/auth_gss/gss_spkm3_unseal.c
+++ b/net/sunrpc/auth_gss/gss_spkm3_unseal.c
@@ -56,7 +56,8 @@ spkm3_read_token(struct spkm3_ctx *ctx,
56{ 56{
57 s32 code; 57 s32 code;
58 struct xdr_netobj wire_cksum = {.len =0, .data = NULL}; 58 struct xdr_netobj wire_cksum = {.len =0, .data = NULL};
59 struct xdr_netobj md5cksum = {.len = 0, .data = NULL}; 59 char cksumdata[16];
60 struct xdr_netobj md5cksum = {.len = 0, .data = cksumdata};
60 unsigned char *ptr = (unsigned char *)read_token->data; 61 unsigned char *ptr = (unsigned char *)read_token->data;
61 unsigned char *cksum; 62 unsigned char *cksum;
62 int bodysize, md5elen; 63 int bodysize, md5elen;
@@ -120,7 +121,6 @@ spkm3_read_token(struct spkm3_ctx *ctx,
120 /* XXX: need to add expiration and sequencing */ 121 /* XXX: need to add expiration and sequencing */
121 ret = GSS_S_COMPLETE; 122 ret = GSS_S_COMPLETE;
122out: 123out:
123 kfree(md5cksum.data);
124 kfree(wire_cksum.data); 124 kfree(wire_cksum.data);
125 return ret; 125 return ret;
126} 126}