diff options
| author | Chuck Lever <chuck.lever@oracle.com> | 2023-01-02 12:05:50 -0500 |
|---|---|---|
| committer | Chuck Lever <chuck.lever@oracle.com> | 2023-02-20 09:20:09 -0500 |
| commit | bee13639c0940abdea4dcaaf7f9bc0b88a68322b (patch) | |
| tree | d579951f62cb0ab3c7d72b6b63b81529161519eb /net/sunrpc/svcauth_unix.c | |
| parent | 846b5756d7632523b5bfce78c163aa883aa9d587 (diff) | |
| download | lwn-bee13639c0940abdea4dcaaf7f9bc0b88a68322b.tar.gz lwn-bee13639c0940abdea4dcaaf7f9bc0b88a68322b.zip | |
SUNRPC: Convert svcauth_null_accept() to use xdr_stream
Done as part of hardening the server-side RPC header decoding path.
Reviewed-by: Jeff Layton <jlayton@kernel.org>
Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
Diffstat (limited to 'net/sunrpc/svcauth_unix.c')
| -rw-r--r-- | net/sunrpc/svcauth_unix.c | 33 |
1 files changed, 25 insertions, 8 deletions
diff --git a/net/sunrpc/svcauth_unix.c b/net/sunrpc/svcauth_unix.c index 3a77f3be2cf0..95354f03bb05 100644 --- a/net/sunrpc/svcauth_unix.c +++ b/net/sunrpc/svcauth_unix.c @@ -729,23 +729,41 @@ out: EXPORT_SYMBOL_GPL(svcauth_unix_set_client); +/** + * svcauth_null_accept - Decode and validate incoming RPC_AUTH_NULL credential + * @rqstp: RPC transaction + * + * Return values: + * %SVC_OK: Both credential and verifier are valid + * %SVC_DENIED: Credential or verifier is not valid + * %SVC_GARBAGE: Failed to decode credential or verifier + * %SVC_CLOSE: Temporary failure + * + * rqstp->rq_auth_stat is set as mandated by RFC 5531. + */ static int svcauth_null_accept(struct svc_rqst *rqstp) { - struct kvec *argv = &rqstp->rq_arg.head[0]; struct kvec *resv = &rqstp->rq_res.head[0]; + struct xdr_stream *xdr = &rqstp->rq_arg_stream; struct svc_cred *cred = &rqstp->rq_cred; + u32 flavor, len; + void *body; - if (argv->iov_len < 3*4) - return SVC_GARBAGE; + svcxdr_init_decode(rqstp); - if (svc_getu32(argv) != 0) { - dprintk("svc: bad null cred\n"); + /* Length of Call's credential body field: */ + if (xdr_stream_decode_u32(xdr, &len) < 0) + return SVC_GARBAGE; + if (len != 0) { rqstp->rq_auth_stat = rpc_autherr_badcred; return SVC_DENIED; } - if (svc_getu32(argv) != htonl(RPC_AUTH_NULL) || svc_getu32(argv) != 0) { - dprintk("svc: bad null verf\n"); + + /* Call's verf field: */ + if (xdr_stream_decode_opaque_auth(xdr, &flavor, &body, &len) < 0) + return SVC_GARBAGE; + if (flavor != RPC_AUTH_NULL || len != 0) { rqstp->rq_auth_stat = rpc_autherr_badverf; return SVC_DENIED; } @@ -762,7 +780,6 @@ svcauth_null_accept(struct svc_rqst *rqstp) svc_putnl(resv, 0); rqstp->rq_cred.cr_flavor = RPC_AUTH_NULL; - svcxdr_init_decode(rqstp); return SVC_OK; } |