diff options
| author | J. Bruce Fields <bfields@redhat.com> | 2013-05-07 17:45:20 -0400 |
|---|---|---|
| committer | J. Bruce Fields <bfields@redhat.com> | 2013-05-07 17:45:20 -0400 |
| commit | fb43f11c666a4f99f23f0be4fa528dcd288c0da2 (patch) | |
| tree | 0cbd44e178322a537c83faa576686e2463c4ccc7 /net | |
| parent | 9fd40c5a66be0b0a5d65362ec139968ba6d1f412 (diff) | |
SUNRPC: fix decoding of optional gss-proxy xdr fields
The current code works, but sort of by accident: it obviously didn't
intend the error return to be interpreted as "true".
Reported-by: Dan Carpenter <dan.carpenter@oracle.com>
Signed-off-by: J. Bruce Fields <bfields@redhat.com>
Diffstat (limited to 'net')
| -rw-r--r-- | net/sunrpc/auth_gss/gss_rpc_xdr.c | 26 |
1 files changed, 13 insertions, 13 deletions
diff --git a/net/sunrpc/auth_gss/gss_rpc_xdr.c b/net/sunrpc/auth_gss/gss_rpc_xdr.c index a1e1b1ab515b..357f613df7ff 100644 --- a/net/sunrpc/auth_gss/gss_rpc_xdr.c +++ b/net/sunrpc/auth_gss/gss_rpc_xdr.c | |||
| @@ -21,16 +21,6 @@ | |||
| 21 | #include <linux/sunrpc/svcauth.h> | 21 | #include <linux/sunrpc/svcauth.h> |
| 22 | #include "gss_rpc_xdr.h" | 22 | #include "gss_rpc_xdr.h" |
| 23 | 23 | ||
| 24 | static bool gssx_check_pointer(struct xdr_stream *xdr) | ||
| 25 | { | ||
| 26 | __be32 *p; | ||
| 27 | |||
| 28 | p = xdr_reserve_space(xdr, 4); | ||
| 29 | if (unlikely(p == NULL)) | ||
| 30 | return -ENOSPC; | ||
| 31 | return *p?true:false; | ||
| 32 | } | ||
| 33 | |||
| 34 | static int gssx_enc_bool(struct xdr_stream *xdr, int v) | 24 | static int gssx_enc_bool(struct xdr_stream *xdr, int v) |
| 35 | { | 25 | { |
| 36 | __be32 *p; | 26 | __be32 *p; |
| @@ -802,6 +792,7 @@ int gssx_dec_accept_sec_context(struct rpc_rqst *rqstp, | |||
| 802 | struct xdr_stream *xdr, | 792 | struct xdr_stream *xdr, |
| 803 | struct gssx_res_accept_sec_context *res) | 793 | struct gssx_res_accept_sec_context *res) |
| 804 | { | 794 | { |
| 795 | u32 value_follows; | ||
| 805 | int err; | 796 | int err; |
| 806 | 797 | ||
| 807 | /* res->status */ | 798 | /* res->status */ |
| @@ -810,7 +801,10 @@ int gssx_dec_accept_sec_context(struct rpc_rqst *rqstp, | |||
| 810 | return err; | 801 | return err; |
| 811 | 802 | ||
| 812 | /* res->context_handle */ | 803 | /* res->context_handle */ |
| 813 | if (gssx_check_pointer(xdr)) { | 804 | err = gssx_dec_bool(xdr, &value_follows); |
| 805 | if (err) | ||
| 806 | return err; | ||
| 807 | if (value_follows) { | ||
| 814 | err = gssx_dec_ctx(xdr, res->context_handle); | 808 | err = gssx_dec_ctx(xdr, res->context_handle); |
| 815 | if (err) | 809 | if (err) |
| 816 | return err; | 810 | return err; |
| @@ -819,7 +813,10 @@ int gssx_dec_accept_sec_context(struct rpc_rqst *rqstp, | |||
| 819 | } | 813 | } |
| 820 | 814 | ||
| 821 | /* res->output_token */ | 815 | /* res->output_token */ |
| 822 | if (gssx_check_pointer(xdr)) { | 816 | err = gssx_dec_bool(xdr, &value_follows); |
| 817 | if (err) | ||
| 818 | return err; | ||
| 819 | if (value_follows) { | ||
| 823 | err = gssx_dec_buffer(xdr, res->output_token); | 820 | err = gssx_dec_buffer(xdr, res->output_token); |
| 824 | if (err) | 821 | if (err) |
| 825 | return err; | 822 | return err; |
| @@ -828,7 +825,10 @@ int gssx_dec_accept_sec_context(struct rpc_rqst *rqstp, | |||
| 828 | } | 825 | } |
| 829 | 826 | ||
| 830 | /* res->delegated_cred_handle */ | 827 | /* res->delegated_cred_handle */ |
| 831 | if (gssx_check_pointer(xdr)) { | 828 | err = gssx_dec_bool(xdr, &value_follows); |
| 829 | if (err) | ||
| 830 | return err; | ||
| 831 | if (value_follows) { | ||
| 832 | /* we do not support upcall servers sending this data. */ | 832 | /* we do not support upcall servers sending this data. */ |
| 833 | return -EINVAL; | 833 | return -EINVAL; |
| 834 | } | 834 | } |