Re: [PATCH 1/2]gss:krb5 miss returning error to caller when import security context

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

On Mon, 2010-09-06 at 11:36 +0800, Bian Naimeng wrote:
> krb5 miss returning error to up layer when import security context, 
> it may be return ok though it has failed to import security context.
> 
> Signed-off-by: Bian Naimeng <biannm@xxxxxxxxxxxxxx>
> 
> ----
> 
> diff --git a/net/sunrpc/auth_gss/gss_krb5_mech.c b/net/sunrpc/auth_gss/gss_krb5_mech.c
> index 0326446..778e5df 100644
> --- a/net/sunrpc/auth_gss/gss_krb5_mech.c
> +++ b/net/sunrpc/auth_gss/gss_krb5_mech.c
> @@ -237,6 +237,7 @@ get_key(const void *p, const void *end,
>  	if (!supported_gss_krb5_enctype(alg)) {
>  		printk(KERN_WARNING "gss_kerberos_mech: unsupported "
>  			"encryption key algorithm %d\n", alg);
> +		p = ERR_PTR(-EINVAL);
>  		goto out_err;
>  	}
>  	p = simple_get_netobj(p, end, &key);
> @@ -282,15 +283,19 @@ gss_import_v1_context(const void *p, const void *end, struct krb5_ctx *ctx)
>  	ctx->enctype = ENCTYPE_DES_CBC_RAW;
>  
>  	ctx->gk5e = get_gss_krb5_enctype(ctx->enctype);
> -	if (ctx->gk5e == NULL)
> +	if (ctx->gk5e == NULL) {
> +		p = ERR_PTR(-EINVAL);
>  		goto out_err;
> +	}
>  
>  	/* The downcall format was designed before we completely understood
>  	 * the uses of the context fields; so it includes some stuff we
>  	 * just give some minimal sanity-checking, and some we ignore
>  	 * completely (like the next twenty bytes): */
> -	if (unlikely(p + 20 > end || p + 20 < p))
> +	if (unlikely(p + 20 > end || p + 20 < p)) {
> +		p = ERR_PTR(-EFAULT);
>  		goto out_err;
> +	}
>  	p += 20;
>  	p = simple_get_bytes(p, end, &tmp, sizeof(tmp));
>  	if (IS_ERR(p))
> @@ -619,6 +624,7 @@ gss_import_v2_context(const void *p, const void *end, struct krb5_ctx *ctx,
>  	if (ctx->seq_send64 != ctx->seq_send) {
>  		dprintk("%s: seq_send64 %lx, seq_send %x overflow?\n", __func__,
>  			(long unsigned)ctx->seq_send64, ctx->seq_send);
> +		p = ERR_PTR(-EINVAL);
>  		goto out_err;
>  	}
>  	p = simple_get_bytes(p, end, &ctx->enctype, sizeof(ctx->enctype));
> 

Those all look good. Applied!

Thanks for spotting them!

  Trond

--
To unsubscribe from this list: send the line "unsubscribe linux-nfs" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html
[Index of Archives]     [Linux Filesystem Development]     [Linux USB Development]     [Linux Media Development]     [Video for Linux]     [Linux NILFS]     [Linux Audio Users]     [Yosemite Info]     [Linux SCSI]

  Powered by Linux