2 files changed, 6 insertions, 7 deletions

diff --git a/include/linux/sunrpc/gss_krb5.h b/include/linux/sunrpc/gss_krb5.h
index 01c5e4314632..5a4b1e0206e3 100644
--- a/include/linux/sunrpc/gss_krb5.h
+++ b/include/linux/sunrpc/gss_krb5.h
@@ -42,8 +42,6 @@
 
 struct krb5_ctx {
         int                     initiate; /* 1 = initiating, 0 = accepting */
-        int                     seed_init;
-        unsigned char           seed[16];
         struct crypto_blkcipher *enc;
         struct crypto_blkcipher *seq;
         s32                     endtime;
diff --git a/net/sunrpc/auth_gss/gss_krb5_mech.c b/net/sunrpc/auth_gss/gss_krb5_mech.c
index bf5435db8785..05d4bee86fc0 100644
--- a/net/sunrpc/auth_gss/gss_krb5_mech.c
+++ b/net/sunrpc/auth_gss/gss_krb5_mech.c
@@ -137,12 +137,13 @@ gss_import_sec_context_kerberos(const void *p,
         p = simple_get_bytes(p, end, &ctx->initiate, sizeof(ctx->initiate));
         if (IS_ERR(p))
                 goto out_err_free_ctx;
-        p = simple_get_bytes(p, end, &ctx->seed_init, sizeof(ctx->seed_init));
-        if (IS_ERR(p))
-                goto out_err_free_ctx;
-        p = simple_get_bytes(p, end, ctx->seed, sizeof(ctx->seed));
-        if (IS_ERR(p))
+        /* The downcall format was designed before we completely understood
+         * the uses of the context fields; so it includes some stuff we
+         * just give some minimal sanity-checking, and some we ignore
+         * completely (like the next twenty bytes): */
+        if (unlikely(p + 20 > end || p + 20 < p))
                 goto out_err_free_ctx;
+        p += 20;
         p = simple_get_bytes(p, end, &tmp, sizeof(tmp));
         if (IS_ERR(p))
                 goto out_err_free_ctx;