diff options
Diffstat (limited to 'net/sunrpc/svcauth_unix.c')
-rw-r--r-- | net/sunrpc/svcauth_unix.c | 12 |
1 files changed, 7 insertions, 5 deletions
diff --git a/net/sunrpc/svcauth_unix.c b/net/sunrpc/svcauth_unix.c index c3f9e1ef7f53..06bdf5a1082c 100644 --- a/net/sunrpc/svcauth_unix.c +++ b/net/sunrpc/svcauth_unix.c | |||
@@ -810,11 +810,15 @@ svcauth_unix_accept(struct svc_rqst *rqstp, __be32 *authp) | |||
810 | goto badcred; | 810 | goto badcred; |
811 | argv->iov_base = (void*)((__be32*)argv->iov_base + slen); /* skip machname */ | 811 | argv->iov_base = (void*)((__be32*)argv->iov_base + slen); /* skip machname */ |
812 | argv->iov_len -= slen*4; | 812 | argv->iov_len -= slen*4; |
813 | 813 | /* | |
814 | * Note: we skip uid_valid()/gid_valid() checks here for | ||
815 | * backwards compatibility with clients that use -1 id's. | ||
816 | * Instead, -1 uid or gid is later mapped to the | ||
817 | * (export-specific) anonymous id by nfsd_setuser. | ||
818 | * Supplementary gid's will be left alone. | ||
819 | */ | ||
814 | cred->cr_uid = make_kuid(&init_user_ns, svc_getnl(argv)); /* uid */ | 820 | cred->cr_uid = make_kuid(&init_user_ns, svc_getnl(argv)); /* uid */ |
815 | cred->cr_gid = make_kgid(&init_user_ns, svc_getnl(argv)); /* gid */ | 821 | cred->cr_gid = make_kgid(&init_user_ns, svc_getnl(argv)); /* gid */ |
816 | if (!uid_valid(cred->cr_uid) || !gid_valid(cred->cr_gid)) | ||
817 | goto badcred; | ||
818 | slen = svc_getnl(argv); /* gids length */ | 822 | slen = svc_getnl(argv); /* gids length */ |
819 | if (slen > 16 || (len -= (slen + 2)*4) < 0) | 823 | if (slen > 16 || (len -= (slen + 2)*4) < 0) |
820 | goto badcred; | 824 | goto badcred; |
@@ -823,8 +827,6 @@ svcauth_unix_accept(struct svc_rqst *rqstp, __be32 *authp) | |||
823 | return SVC_CLOSE; | 827 | return SVC_CLOSE; |
824 | for (i = 0; i < slen; i++) { | 828 | for (i = 0; i < slen; i++) { |
825 | kgid_t kgid = make_kgid(&init_user_ns, svc_getnl(argv)); | 829 | kgid_t kgid = make_kgid(&init_user_ns, svc_getnl(argv)); |
826 | if (!gid_valid(kgid)) | ||
827 | goto badcred; | ||
828 | GROUP_AT(cred->cr_group_info, i) = kgid; | 830 | GROUP_AT(cred->cr_group_info, i) = kgid; |
829 | } | 831 | } |
830 | if (svc_getu32(argv) != htonl(RPC_AUTH_NULL) || svc_getu32(argv) != 0) { | 832 | if (svc_getu32(argv) != htonl(RPC_AUTH_NULL) || svc_getu32(argv) != 0) { |