* [PATCH V2] Avoid buffer overruns by allocating buffer in svcauth_gss_validate()
@ 2014-05-28 18:47 Steve Dickson
0 siblings, 0 replies; only message in thread
From: Steve Dickson @ 2014-05-28 18:47 UTC (permalink / raw)
To: Libtirpc-devel Mailing List; +Cc: Linux NFS Mailing list
Signed-off-by: Steve Dickson <steved@redhat.com>
---
src/svc_auth_gss.c | 14 +++++++-------
1 files changed, 7 insertions(+), 7 deletions(-)
diff --git a/src/svc_auth_gss.c b/src/svc_auth_gss.c
index 601a691..0766959 100644
--- a/src/svc_auth_gss.c
+++ b/src/svc_auth_gss.c
@@ -286,21 +286,21 @@ svcauth_gss_validate(struct svc_rpc_gss_data *gd, struct rpc_msg *msg)
struct opaque_auth *oa;
gss_buffer_desc rpcbuf, checksum;
OM_uint32 maj_stat, min_stat, qop_state;
- u_char rpchdr[128];
+ u_char *rpchdr;
int32_t *buf;
+ u_int bufsz;
gss_log_debug("in svcauth_gss_validate()");
- memset(rpchdr, 0, sizeof(rpchdr));
-
/* XXX - Reconstruct RPC header for signing (from xdr_callmsg). */
oa = &msg->rm_call.cb_cred;
- if (oa->oa_length > MAX_AUTH_BYTES)
+
+ bufsz = ((8 * BYTES_PER_XDR_UNIT) + RNDUP(oa->oa_length));
+ if (bufsz > MAX_AUTH_BYTES)
return (FALSE);
- /* 8 XDR units from the IXDR macro calls. */
- if (sizeof(rpchdr) < (8 * BYTES_PER_XDR_UNIT +
- RNDUP(oa->oa_length)))
+ rpchdr = (u_char *)calloc(bufsz, 1);
+ if (rpchdr == NULL)
return (FALSE);
buf = (int32_t *)rpchdr;
--
1.7.1
^ permalink raw reply related [flat|nested] only message in thread
only message in thread, other threads:[~2014-05-28 18:47 UTC | newest]
Thread overview: (only message) (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2014-05-28 18:47 [PATCH V2] Avoid buffer overruns by allocating buffer in svcauth_gss_validate() Steve Dickson
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).