On Mon, 2010-09-06 at 11:36 +0800, Bian Naimeng wrote: > krb5 miss returning error to up layer when import security context, > it may be return ok though it has failed to import security context. > > Signed-off-by: Bian Naimeng <biannm@xxxxxxxxxxxxxx> > > ---- > > diff --git a/net/sunrpc/auth_gss/gss_krb5_mech.c b/net/sunrpc/auth_gss/gss_krb5_mech.c > index 0326446..778e5df 100644 > --- a/net/sunrpc/auth_gss/gss_krb5_mech.c > +++ b/net/sunrpc/auth_gss/gss_krb5_mech.c > @@ -237,6 +237,7 @@ get_key(const void *p, const void *end, > if (!supported_gss_krb5_enctype(alg)) { > printk(KERN_WARNING "gss_kerberos_mech: unsupported " > "encryption key algorithm %d\n", alg); > + p = ERR_PTR(-EINVAL); > goto out_err; > } > p = simple_get_netobj(p, end, &key); > @@ -282,15 +283,19 @@ gss_import_v1_context(const void *p, const void *end, struct krb5_ctx *ctx) > ctx->enctype = ENCTYPE_DES_CBC_RAW; > > ctx->gk5e = get_gss_krb5_enctype(ctx->enctype); > - if (ctx->gk5e == NULL) > + if (ctx->gk5e == NULL) { > + p = ERR_PTR(-EINVAL); > goto out_err; > + } > > /* The downcall format was designed before we completely understood > * the uses of the context fields; so it includes some stuff we > * just give some minimal sanity-checking, and some we ignore > * completely (like the next twenty bytes): */ > - if (unlikely(p + 20 > end || p + 20 < p)) > + if (unlikely(p + 20 > end || p + 20 < p)) { > + p = ERR_PTR(-EFAULT); > goto out_err; > + } > p += 20; > p = simple_get_bytes(p, end, &tmp, sizeof(tmp)); > if (IS_ERR(p)) > @@ -619,6 +624,7 @@ gss_import_v2_context(const void *p, const void *end, struct krb5_ctx *ctx, > if (ctx->seq_send64 != ctx->seq_send) { > dprintk("%s: seq_send64 %lx, seq_send %x overflow?\n", __func__, > (long unsigned)ctx->seq_send64, ctx->seq_send); > + p = ERR_PTR(-EINVAL); > goto out_err; > } > p = simple_get_bytes(p, end, &ctx->enctype, sizeof(ctx->enctype)); > Those all look good. Applied! Thanks for spotting them! Trond -- To unsubscribe from this list: send the line "unsubscribe linux-nfs" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html