diff options
author | J. Bruce Fields <bfields@fieldses.org> | 2006-03-20 23:23:11 -0500 |
---|---|---|
committer | Trond Myklebust <Trond.Myklebust@netapp.com> | 2006-03-20 23:23:11 -0500 |
commit | 9e57b302cf0f27063184196def620f39ca7a5fc6 (patch) | |
tree | 3b154f314dfad8c4350af10b87ab7f4759df3f6d /net/sunrpc | |
parent | 7a1218a277c45cba1fb8d7089407a1769c645c43 (diff) |
SUNRPC,RPCSEC_GSS: remove unnecessary kmalloc of a checksum
Remove unnecessary kmalloc of temporary space to hold the md5 result; it's
small enough to just put on the stack.
This code may be called to process rpc's necessary to perform writes, so
there's a potential deadlock whenever we kmalloc() here. After this a
couple kmalloc()'s still remain, to be removed soon.
This also fixes a rare double-free on error noticed by coverity.
Signed-off-by: J. Bruce Fields <bfields@citi.umich.edu>
Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
Diffstat (limited to 'net/sunrpc')
-rw-r--r-- | net/sunrpc/auth_gss/gss_krb5_seal.c | 6 | ||||
-rw-r--r-- | net/sunrpc/auth_gss/gss_krb5_unseal.c | 4 | ||||
-rw-r--r-- | net/sunrpc/auth_gss/gss_krb5_wrap.c | 10 | ||||
-rw-r--r-- | net/sunrpc/auth_gss/gss_spkm3_seal.c | 5 | ||||
-rw-r--r-- | net/sunrpc/auth_gss/gss_spkm3_unseal.c | 4 |
5 files changed, 12 insertions, 17 deletions
diff --git a/net/sunrpc/auth_gss/gss_krb5_seal.c b/net/sunrpc/auth_gss/gss_krb5_seal.c index d0dfdfd5e79e..58f9721980e2 100644 --- a/net/sunrpc/auth_gss/gss_krb5_seal.c +++ b/net/sunrpc/auth_gss/gss_krb5_seal.c | |||
@@ -76,7 +76,8 @@ gss_get_mic_kerberos(struct gss_ctx *gss_ctx, struct xdr_buf *text, | |||
76 | { | 76 | { |
77 | struct krb5_ctx *ctx = gss_ctx->internal_ctx_id; | 77 | struct krb5_ctx *ctx = gss_ctx->internal_ctx_id; |
78 | s32 checksum_type; | 78 | s32 checksum_type; |
79 | struct xdr_netobj md5cksum = {.len = 0, .data = NULL}; | 79 | char cksumdata[16]; |
80 | struct xdr_netobj md5cksum = {.len = 0, .data = cksumdata}; | ||
80 | unsigned char *ptr, *krb5_hdr, *msg_start; | 81 | unsigned char *ptr, *krb5_hdr, *msg_start; |
81 | s32 now; | 82 | s32 now; |
82 | 83 | ||
@@ -133,8 +134,6 @@ gss_get_mic_kerberos(struct gss_ctx *gss_ctx, struct xdr_buf *text, | |||
133 | BUG(); | 134 | BUG(); |
134 | } | 135 | } |
135 | 136 | ||
136 | kfree(md5cksum.data); | ||
137 | |||
138 | if ((krb5_make_seq_num(ctx->seq, ctx->initiate ? 0 : 0xff, | 137 | if ((krb5_make_seq_num(ctx->seq, ctx->initiate ? 0 : 0xff, |
139 | ctx->seq_send, krb5_hdr + 16, krb5_hdr + 8))) | 138 | ctx->seq_send, krb5_hdr + 16, krb5_hdr + 8))) |
140 | goto out_err; | 139 | goto out_err; |
@@ -143,6 +142,5 @@ gss_get_mic_kerberos(struct gss_ctx *gss_ctx, struct xdr_buf *text, | |||
143 | 142 | ||
144 | return ((ctx->endtime < now) ? GSS_S_CONTEXT_EXPIRED : GSS_S_COMPLETE); | 143 | return ((ctx->endtime < now) ? GSS_S_CONTEXT_EXPIRED : GSS_S_COMPLETE); |
145 | out_err: | 144 | out_err: |
146 | kfree(md5cksum.data); | ||
147 | return GSS_S_FAILURE; | 145 | return GSS_S_FAILURE; |
148 | } | 146 | } |
diff --git a/net/sunrpc/auth_gss/gss_krb5_unseal.c b/net/sunrpc/auth_gss/gss_krb5_unseal.c index db055fd7d778..0828cf64100f 100644 --- a/net/sunrpc/auth_gss/gss_krb5_unseal.c +++ b/net/sunrpc/auth_gss/gss_krb5_unseal.c | |||
@@ -79,7 +79,8 @@ gss_verify_mic_kerberos(struct gss_ctx *gss_ctx, | |||
79 | int signalg; | 79 | int signalg; |
80 | int sealalg; | 80 | int sealalg; |
81 | s32 checksum_type; | 81 | s32 checksum_type; |
82 | struct xdr_netobj md5cksum = {.len = 0, .data = NULL}; | 82 | char cksumdata[16]; |
83 | struct xdr_netobj md5cksum = {.len = 0, .data = cksumdata}; | ||
83 | s32 now; | 84 | s32 now; |
84 | int direction; | 85 | int direction; |
85 | s32 seqnum; | 86 | s32 seqnum; |
@@ -176,6 +177,5 @@ gss_verify_mic_kerberos(struct gss_ctx *gss_ctx, | |||
176 | 177 | ||
177 | ret = GSS_S_COMPLETE; | 178 | ret = GSS_S_COMPLETE; |
178 | out: | 179 | out: |
179 | kfree(md5cksum.data); | ||
180 | return ret; | 180 | return ret; |
181 | } | 181 | } |
diff --git a/net/sunrpc/auth_gss/gss_krb5_wrap.c b/net/sunrpc/auth_gss/gss_krb5_wrap.c index af777cf9f251..346133e446cb 100644 --- a/net/sunrpc/auth_gss/gss_krb5_wrap.c +++ b/net/sunrpc/auth_gss/gss_krb5_wrap.c | |||
@@ -121,7 +121,8 @@ gss_wrap_kerberos(struct gss_ctx *ctx, int offset, | |||
121 | { | 121 | { |
122 | struct krb5_ctx *kctx = ctx->internal_ctx_id; | 122 | struct krb5_ctx *kctx = ctx->internal_ctx_id; |
123 | s32 checksum_type; | 123 | s32 checksum_type; |
124 | struct xdr_netobj md5cksum = {.len = 0, .data = NULL}; | 124 | char cksumdata[16]; |
125 | struct xdr_netobj md5cksum = {.len = 0, .data = cksumdata}; | ||
125 | int blocksize = 0, plainlen; | 126 | int blocksize = 0, plainlen; |
126 | unsigned char *ptr, *krb5_hdr, *msg_start; | 127 | unsigned char *ptr, *krb5_hdr, *msg_start; |
127 | s32 now; | 128 | s32 now; |
@@ -205,8 +206,6 @@ gss_wrap_kerberos(struct gss_ctx *ctx, int offset, | |||
205 | BUG(); | 206 | BUG(); |
206 | } | 207 | } |
207 | 208 | ||
208 | kfree(md5cksum.data); | ||
209 | |||
210 | /* XXX would probably be more efficient to compute checksum | 209 | /* XXX would probably be more efficient to compute checksum |
211 | * and encrypt at the same time: */ | 210 | * and encrypt at the same time: */ |
212 | if ((krb5_make_seq_num(kctx->seq, kctx->initiate ? 0 : 0xff, | 211 | if ((krb5_make_seq_num(kctx->seq, kctx->initiate ? 0 : 0xff, |
@@ -221,7 +220,6 @@ gss_wrap_kerberos(struct gss_ctx *ctx, int offset, | |||
221 | 220 | ||
222 | return ((kctx->endtime < now) ? GSS_S_CONTEXT_EXPIRED : GSS_S_COMPLETE); | 221 | return ((kctx->endtime < now) ? GSS_S_CONTEXT_EXPIRED : GSS_S_COMPLETE); |
223 | out_err: | 222 | out_err: |
224 | if (md5cksum.data) kfree(md5cksum.data); | ||
225 | return GSS_S_FAILURE; | 223 | return GSS_S_FAILURE; |
226 | } | 224 | } |
227 | 225 | ||
@@ -232,7 +230,8 @@ gss_unwrap_kerberos(struct gss_ctx *ctx, int offset, struct xdr_buf *buf) | |||
232 | int signalg; | 230 | int signalg; |
233 | int sealalg; | 231 | int sealalg; |
234 | s32 checksum_type; | 232 | s32 checksum_type; |
235 | struct xdr_netobj md5cksum = {.len = 0, .data = NULL}; | 233 | char cksumdata[16]; |
234 | struct xdr_netobj md5cksum = {.len = 0, .data = cksumdata}; | ||
236 | s32 now; | 235 | s32 now; |
237 | int direction; | 236 | int direction; |
238 | s32 seqnum; | 237 | s32 seqnum; |
@@ -358,6 +357,5 @@ gss_unwrap_kerberos(struct gss_ctx *ctx, int offset, struct xdr_buf *buf) | |||
358 | 357 | ||
359 | ret = GSS_S_COMPLETE; | 358 | ret = GSS_S_COMPLETE; |
360 | out: | 359 | out: |
361 | if (md5cksum.data) kfree(md5cksum.data); | ||
362 | return ret; | 360 | return ret; |
363 | } | 361 | } |
diff --git a/net/sunrpc/auth_gss/gss_spkm3_seal.c b/net/sunrpc/auth_gss/gss_spkm3_seal.c index 86fbf7c3e39c..18c7862bc234 100644 --- a/net/sunrpc/auth_gss/gss_spkm3_seal.c +++ b/net/sunrpc/auth_gss/gss_spkm3_seal.c | |||
@@ -57,7 +57,8 @@ spkm3_make_token(struct spkm3_ctx *ctx, | |||
57 | { | 57 | { |
58 | s32 checksum_type; | 58 | s32 checksum_type; |
59 | char tokhdrbuf[25]; | 59 | char tokhdrbuf[25]; |
60 | struct xdr_netobj md5cksum = {.len = 0, .data = NULL}; | 60 | char cksumdata[16]; |
61 | struct xdr_netobj md5cksum = {.len = 0, .data = cksumdata}; | ||
61 | struct xdr_netobj mic_hdr = {.len = 0, .data = tokhdrbuf}; | 62 | struct xdr_netobj mic_hdr = {.len = 0, .data = tokhdrbuf}; |
62 | int tokenlen = 0; | 63 | int tokenlen = 0; |
63 | unsigned char *ptr; | 64 | unsigned char *ptr; |
@@ -115,13 +116,11 @@ spkm3_make_token(struct spkm3_ctx *ctx, | |||
115 | dprintk("RPC: gss_spkm3_seal: SPKM_WRAP_TOK not supported\n"); | 116 | dprintk("RPC: gss_spkm3_seal: SPKM_WRAP_TOK not supported\n"); |
116 | goto out_err; | 117 | goto out_err; |
117 | } | 118 | } |
118 | kfree(md5cksum.data); | ||
119 | 119 | ||
120 | /* XXX need to implement sequence numbers, and ctx->expired */ | 120 | /* XXX need to implement sequence numbers, and ctx->expired */ |
121 | 121 | ||
122 | return GSS_S_COMPLETE; | 122 | return GSS_S_COMPLETE; |
123 | out_err: | 123 | out_err: |
124 | kfree(md5cksum.data); | ||
125 | token->data = NULL; | 124 | token->data = NULL; |
126 | token->len = 0; | 125 | token->len = 0; |
127 | return GSS_S_FAILURE; | 126 | return GSS_S_FAILURE; |
diff --git a/net/sunrpc/auth_gss/gss_spkm3_unseal.c b/net/sunrpc/auth_gss/gss_spkm3_unseal.c index 96851b0ba1ba..8537f581ef9b 100644 --- a/net/sunrpc/auth_gss/gss_spkm3_unseal.c +++ b/net/sunrpc/auth_gss/gss_spkm3_unseal.c | |||
@@ -56,7 +56,8 @@ spkm3_read_token(struct spkm3_ctx *ctx, | |||
56 | { | 56 | { |
57 | s32 code; | 57 | s32 code; |
58 | struct xdr_netobj wire_cksum = {.len =0, .data = NULL}; | 58 | struct xdr_netobj wire_cksum = {.len =0, .data = NULL}; |
59 | struct xdr_netobj md5cksum = {.len = 0, .data = NULL}; | 59 | char cksumdata[16]; |
60 | struct xdr_netobj md5cksum = {.len = 0, .data = cksumdata}; | ||
60 | unsigned char *ptr = (unsigned char *)read_token->data; | 61 | unsigned char *ptr = (unsigned char *)read_token->data; |
61 | unsigned char *cksum; | 62 | unsigned char *cksum; |
62 | int bodysize, md5elen; | 63 | int bodysize, md5elen; |
@@ -120,7 +121,6 @@ spkm3_read_token(struct spkm3_ctx *ctx, | |||
120 | /* XXX: need to add expiration and sequencing */ | 121 | /* XXX: need to add expiration and sequencing */ |
121 | ret = GSS_S_COMPLETE; | 122 | ret = GSS_S_COMPLETE; |
122 | out: | 123 | out: |
123 | kfree(md5cksum.data); | ||
124 | kfree(wire_cksum.data); | 124 | kfree(wire_cksum.data); |
125 | return ret; | 125 | return ret; |
126 | } | 126 | } |