From: "J. Bruce Fields" <bfields@redhat.com>
To: Simo Sorce <simo@redhat.com>
Cc: Dan Carpenter <dan.carpenter@oracle.com>, linux-nfs@vger.kernel.org
Subject: Re: SUNRPC: Add RPC based upcall mechanism for RPCGSS auth
Date: Tue, 7 May 2013 17:49:50 -0400 [thread overview]
Message-ID: <20130507214950.GD27004@pad.fieldses.org> (raw)
In-Reply-To: <1367855693.2976.205.camel@willson.li.ssimo.org>
On Mon, May 06, 2013 at 11:54:53AM -0400, Simo Sorce wrote:
> On Mon, 2013-05-06 at 18:44 +0300, Dan Carpenter wrote:
> > Hello Simo Sorce,
> >
> > The patch 1d658336b05f: "SUNRPC: Add RPC based upcall mechanism for
> > RPCGSS auth" from May 25, 2012, leads to the following warning:
> > "net/sunrpc/auth_gss/gss_rpc_xdr.c:30 gssx_check_pointer()
> > warn: signedness bug returning '(-28)'"
> >
> > net/sunrpc/auth_gss/gss_rpc_xdr.c
> > 24 static bool gssx_check_pointer(struct xdr_stream *xdr)
> > 25 {
> > 26 __be32 *p;
> > 27
> > 28 p = xdr_reserve_space(xdr, 4);
> > 29 if (unlikely(p == NULL))
> > 30 return -ENOSPC;
> > ^^^^^^^
> > This is casted implicitly to "true". Functions named "check" are a bad
> > idea anyways because it's not clear what the return value will be. It's
> > better to use "gssx_pointer_ok()" or "valid" where obviously true means
> > that the pointer is ok.
> >
> > 31 return *p?true:false;
> >
> > We just reserved "*p" so doesn't this point to uninitialized data? It
> > points to a __be32. So we're not really checking a pointer we're
> > checking that __be32 is non-zero.
> >
> > 32 }
> >
> > regards,
> > dan carpenter
>
> Dan,
> thanks a lot for pointing this one out.
Yes, thanks!
> Bruce,
> we should fix it in 3.10 if we can make it.
Agreed. Probably the following attempt to decode will fail with an
-ENOSPC anyway, but this is ugly at least.
> probably easiest way is to kill lines 29/30 and do:
> return (p && *p) ? true : false;
>
> It would be also ok to change the name to gssx_pointer_is_valid() I
> guess.
It still seems a little yuch to lump a decoding failure with a succesful
decode of a particular value....
How about just killing gssx_check_pointer, as follows. Admittedly it's
a bit verbose, but it's straightforward. Any objections?
--b.
commit fb43f11c666a4f99f23f0be4fa528dcd288c0da2
Author: J. Bruce Fields <bfields@redhat.com>
Date: Tue May 7 17:45:20 2013 -0400
SUNRPC: fix decoding of optional gss-proxy xdr fields
The current code works, but sort of by accident: it obviously didn't
intend the error return to be interpreted as "true".
Reported-by: Dan Carpenter <dan.carpenter@oracle.com>
Signed-off-by: J. Bruce Fields <bfields@redhat.com>
diff --git a/net/sunrpc/auth_gss/gss_rpc_xdr.c b/net/sunrpc/auth_gss/gss_rpc_xdr.c
index a1e1b1a..357f613 100644
--- a/net/sunrpc/auth_gss/gss_rpc_xdr.c
+++ b/net/sunrpc/auth_gss/gss_rpc_xdr.c
@@ -21,16 +21,6 @@
#include <linux/sunrpc/svcauth.h>
#include "gss_rpc_xdr.h"
-static bool gssx_check_pointer(struct xdr_stream *xdr)
-{
- __be32 *p;
-
- p = xdr_reserve_space(xdr, 4);
- if (unlikely(p == NULL))
- return -ENOSPC;
- return *p?true:false;
-}
-
static int gssx_enc_bool(struct xdr_stream *xdr, int v)
{
__be32 *p;
@@ -802,6 +792,7 @@ int gssx_dec_accept_sec_context(struct rpc_rqst *rqstp,
struct xdr_stream *xdr,
struct gssx_res_accept_sec_context *res)
{
+ u32 value_follows;
int err;
/* res->status */
@@ -810,7 +801,10 @@ int gssx_dec_accept_sec_context(struct rpc_rqst *rqstp,
return err;
/* res->context_handle */
- if (gssx_check_pointer(xdr)) {
+ err = gssx_dec_bool(xdr, &value_follows);
+ if (err)
+ return err;
+ if (value_follows) {
err = gssx_dec_ctx(xdr, res->context_handle);
if (err)
return err;
@@ -819,7 +813,10 @@ int gssx_dec_accept_sec_context(struct rpc_rqst *rqstp,
}
/* res->output_token */
- if (gssx_check_pointer(xdr)) {
+ err = gssx_dec_bool(xdr, &value_follows);
+ if (err)
+ return err;
+ if (value_follows) {
err = gssx_dec_buffer(xdr, res->output_token);
if (err)
return err;
@@ -828,7 +825,10 @@ int gssx_dec_accept_sec_context(struct rpc_rqst *rqstp,
}
/* res->delegated_cred_handle */
- if (gssx_check_pointer(xdr)) {
+ err = gssx_dec_bool(xdr, &value_follows);
+ if (err)
+ return err;
+ if (value_follows) {
/* we do not support upcall servers sending this data. */
return -EINVAL;
}
next prev parent reply other threads:[~2013-05-07 21:49 UTC|newest]
Thread overview: 4+ messages / expand[flat|nested] mbox.gz Atom feed top
2013-05-06 15:44 SUNRPC: Add RPC based upcall mechanism for RPCGSS auth Dan Carpenter
2013-05-06 15:54 ` Simo Sorce
2013-05-07 21:49 ` J. Bruce Fields [this message]
2013-05-07 21:57 ` Simo Sorce
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20130507214950.GD27004@pad.fieldses.org \
--to=bfields@redhat.com \
--cc=dan.carpenter@oracle.com \
--cc=linux-nfs@vger.kernel.org \
--cc=simo@redhat.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox