* [PATCH] auth_domain_lookup in 2.6.8-rc2
@ 2004-10-08 10:01 Olaf Kirch
2004-10-08 19:43 ` J. Bruce Fields
0 siblings, 1 reply; 2+ messages in thread
From: Olaf Kirch @ 2004-10-08 10:01 UTC (permalink / raw)
To: nfs
[-- Attachment #1: Type: text/plain, Size: 385 bytes --]
Hi,
2.6.8-rc2 open-codes auth_domain_lookup, and introduces a flaw that
may have security consequences. If we do not find any matching
domain, the routine always returns the last item looked at, no
matter what it was.
Olaf
--
Olaf Kirch | Things that make Monday morning interesting, #1:
okir@suse.de | "I want to use NFS over AX25, can you help me?"
---------------+
[-- Attachment #2: sunrpc-authdomain-lookup --]
[-- Type: text/plain, Size: 829 bytes --]
This patch makes sure that auth_domain_lookup returns NULL when
it doesn't find a matching entry, rather than the last entry
in the hash chain.
Signed-off-by: Olaf Kirch <okir@suse.de>
Index: linux-2.6.8/net/sunrpc/svcauth.c
===================================================================
--- linux-2.6.8.orig/net/sunrpc/svcauth.c
+++ linux-2.6.8/net/sunrpc/svcauth.c
@@ -183,7 +183,7 @@ auth_domain_lookup(struct auth_domain *i
}
/* Didn't find anything */
if (!set)
- goto out_noset;
+ goto out_nada;
auth_domain_cache.entries++;
out_set:
set_bit(CACHE_HASHED, &item->h.flags);
@@ -193,6 +193,8 @@ out_set:
cache_fresh(&auth_domain_cache, &item->h, item->h.expiry_time);
cache_get(&item->h);
return item;
+out_nada:
+ tmp = NULL;
out_noset:
read_unlock(&auth_domain_cache.hash_lock);
return tmp;
^ permalink raw reply [flat|nested] 2+ messages in thread
* Re: [PATCH] auth_domain_lookup in 2.6.8-rc2
2004-10-08 10:01 [PATCH] auth_domain_lookup in 2.6.8-rc2 Olaf Kirch
@ 2004-10-08 19:43 ` J. Bruce Fields
0 siblings, 0 replies; 2+ messages in thread
From: J. Bruce Fields @ 2004-10-08 19:43 UTC (permalink / raw)
To: Olaf Kirch; +Cc: nfs
On Fri, Oct 08, 2004 at 12:01:03PM +0200, Olaf Kirch wrote:
> 2.6.8-rc2 open-codes auth_domain_lookup, and introduces a flaw that
> may have security consequences. If we do not find any matching
> domain, the routine always returns the last item looked at, no
> matter what it was.
Argh, sorry, that was my fault. Thanks for spotting it.--b.
> This patch makes sure that auth_domain_lookup returns NULL when
> it doesn't find a matching entry, rather than the last entry
> in the hash chain.
>
> Signed-off-by: Olaf Kirch <okir@suse.de>
>
> Index: linux-2.6.8/net/sunrpc/svcauth.c
> ===================================================================
> --- linux-2.6.8.orig/net/sunrpc/svcauth.c
> +++ linux-2.6.8/net/sunrpc/svcauth.c
> @@ -183,7 +183,7 @@ auth_domain_lookup(struct auth_domain *i
> }
> /* Didn't find anything */
> if (!set)
> - goto out_noset;
> + goto out_nada;
> auth_domain_cache.entries++;
> out_set:
> set_bit(CACHE_HASHED, &item->h.flags);
> @@ -193,6 +193,8 @@ out_set:
> cache_fresh(&auth_domain_cache, &item->h, item->h.expiry_time);
> cache_get(&item->h);
> return item;
> +out_nada:
> + tmp = NULL;
> out_noset:
> read_unlock(&auth_domain_cache.hash_lock);
> return tmp;
-------------------------------------------------------
This SF.net email is sponsored by: IT Product Guide on ITManagersJournal
Use IT products in your business? Tell us what you think of them. Give us
Your Opinions, Get Free ThinkGeek Gift Certificates! Click to find out more
http://productguide.itmanagersjournal.com/guidepromo.tmpl
_______________________________________________
NFS maillist - NFS@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/nfs
^ permalink raw reply [flat|nested] 2+ messages in thread
end of thread, other threads:[~2004-10-08 19:43 UTC | newest]
Thread overview: 2+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2004-10-08 10:01 [PATCH] auth_domain_lookup in 2.6.8-rc2 Olaf Kirch
2004-10-08 19:43 ` J. Bruce Fields
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.