Commit bee13639 authored by Chuck Lever's avatar Chuck Lever
Browse files

SUNRPC: Convert svcauth_null_accept() to use xdr_stream



Done as part of hardening the server-side RPC header decoding path.

Reviewed-by: default avatarJeff Layton <jlayton@kernel.org>
Signed-off-by: default avatarChuck Lever <chuck.lever@oracle.com>
parent 846b5756
Loading
Loading
Loading
Loading
+25 −8
Original line number Original line Diff line number Diff line
@@ -729,23 +729,41 @@ svcauth_unix_set_client(struct svc_rqst *rqstp)


EXPORT_SYMBOL_GPL(svcauth_unix_set_client);
EXPORT_SYMBOL_GPL(svcauth_unix_set_client);


/**
 * svcauth_null_accept - Decode and validate incoming RPC_AUTH_NULL credential
 * @rqstp: RPC transaction
 *
 * Return values:
 *   %SVC_OK: Both credential and verifier are valid
 *   %SVC_DENIED: Credential or verifier is not valid
 *   %SVC_GARBAGE: Failed to decode credential or verifier
 *   %SVC_CLOSE: Temporary failure
 *
 * rqstp->rq_auth_stat is set as mandated by RFC 5531.
 */
static int
static int
svcauth_null_accept(struct svc_rqst *rqstp)
svcauth_null_accept(struct svc_rqst *rqstp)
{
{
	struct kvec	*argv = &rqstp->rq_arg.head[0];
	struct kvec	*resv = &rqstp->rq_res.head[0];
	struct kvec	*resv = &rqstp->rq_res.head[0];
	struct xdr_stream *xdr = &rqstp->rq_arg_stream;
	struct svc_cred	*cred = &rqstp->rq_cred;
	struct svc_cred	*cred = &rqstp->rq_cred;
	u32 flavor, len;
	void *body;


	if (argv->iov_len < 3*4)
	svcxdr_init_decode(rqstp);
		return SVC_GARBAGE;


	if (svc_getu32(argv) != 0) {
	/* Length of Call's credential body field: */
		dprintk("svc: bad null cred\n");
	if (xdr_stream_decode_u32(xdr, &len) < 0)
		return SVC_GARBAGE;
	if (len != 0) {
		rqstp->rq_auth_stat = rpc_autherr_badcred;
		rqstp->rq_auth_stat = rpc_autherr_badcred;
		return SVC_DENIED;
		return SVC_DENIED;
	}
	}
	if (svc_getu32(argv) != htonl(RPC_AUTH_NULL) || svc_getu32(argv) != 0) {

		dprintk("svc: bad null verf\n");
	/* Call's verf field: */
	if (xdr_stream_decode_opaque_auth(xdr, &flavor, &body, &len) < 0)
		return SVC_GARBAGE;
	if (flavor != RPC_AUTH_NULL || len != 0) {
		rqstp->rq_auth_stat = rpc_autherr_badverf;
		rqstp->rq_auth_stat = rpc_autherr_badverf;
		return SVC_DENIED;
		return SVC_DENIED;
	}
	}
@@ -762,7 +780,6 @@ svcauth_null_accept(struct svc_rqst *rqstp)
	svc_putnl(resv, 0);
	svc_putnl(resv, 0);


	rqstp->rq_cred.cr_flavor = RPC_AUTH_NULL;
	rqstp->rq_cred.cr_flavor = RPC_AUTH_NULL;
	svcxdr_init_decode(rqstp);
	return SVC_OK;
	return SVC_OK;
}
}