From: Steve Dickson <SteveD@redhat.com>
To: Chuck Lever <chuck.lever@oracle.com>
Cc: libtirpc List <libtirpc-devel@lists.sourceforge.net>,
Linux NFS Mailing List <linux-nfs@vger.kernel.org>
Subject: Re: [PATCH v3] Avoid buffer overruns by allocating buffer in svcauth_gss_validate()
Date: Wed, 28 May 2014 17:24:51 -0400 [thread overview]
Message-ID: <53865423.4060905@RedHat.com> (raw)
In-Reply-To: <B43A996B-5DB8-470B-926C-27FF30445D7D@oracle.com>
On 05/28/2014 03:11 PM, Chuck Lever wrote:
>
> On May 28, 2014, at 3:09 PM, Steve Dickson <steved@redhat.com> wrote:
>
>> Signed-off-by: Steve Dickson <steved@redhat.com>
>
> Reviewed-by: Chuck Lever <chuck.lever@oracle.com>
Thank you... For your time!
steved.
>
>> ---
>> src/svc_auth_gss.c | 14 +++++++-------
>> 1 files changed, 7 insertions(+), 7 deletions(-)
>>
>> diff --git a/src/svc_auth_gss.c b/src/svc_auth_gss.c
>> index 601a691..26c1065 100644
>> --- a/src/svc_auth_gss.c
>> +++ b/src/svc_auth_gss.c
>> @@ -286,21 +286,19 @@ svcauth_gss_validate(struct svc_rpc_gss_data *gd, struct rpc_msg *msg)
>> struct opaque_auth *oa;
>> gss_buffer_desc rpcbuf, checksum;
>> OM_uint32 maj_stat, min_stat, qop_state;
>> - u_char rpchdr[128];
>> + u_char *rpchdr;
>> int32_t *buf;
>>
>> gss_log_debug("in svcauth_gss_validate()");
>>
>> - memset(rpchdr, 0, sizeof(rpchdr));
>> -
>> /* XXX - Reconstruct RPC header for signing (from xdr_callmsg). */
>> oa = &msg->rm_call.cb_cred;
>> if (oa->oa_length > MAX_AUTH_BYTES)
>> return (FALSE);
>> -
>> - /* 8 XDR units from the IXDR macro calls. */
>> - if (sizeof(rpchdr) < (8 * BYTES_PER_XDR_UNIT +
>> - RNDUP(oa->oa_length)))
>> +
>> + rpchdr = (u_char *)calloc(((8 * BYTES_PER_XDR_UNIT) +
>> + RNDUP(oa->oa_length)), 1);
>> + if (rpchdr == NULL)
>> return (FALSE);
>>
>> buf = (int32_t *)rpchdr;
>> @@ -325,6 +323,8 @@ svcauth_gss_validate(struct svc_rpc_gss_data *gd, struct rpc_msg *msg)
>> maj_stat = gss_verify_mic(&min_stat, gd->ctx, &rpcbuf, &checksum,
>> &qop_state);
>>
>> + free(rpchdr);
>> +
>> if (maj_stat != GSS_S_COMPLETE) {
>> gss_log_status("gss_verify_mic", maj_stat, min_stat);
>> return (FALSE);
>> --
>> 1.7.1
>>
>> --
>> To unsubscribe from this list: send the line "unsubscribe linux-nfs" in
>> the body of a message to majordomo@vger.kernel.org
>> More majordomo info at http://vger.kernel.org/majordomo-info.html
>
> --
> Chuck Lever
> chuck[dot]lever[at]oracle[dot]com
>
>
>
next prev parent reply other threads:[~2014-05-28 21:25 UTC|newest]
Thread overview: 4+ messages / expand[flat|nested] mbox.gz Atom feed top
2014-05-28 19:09 [PATCH v3] Avoid buffer overruns by allocating buffer in svcauth_gss_validate() Steve Dickson
2014-05-28 19:11 ` Chuck Lever
2014-05-28 21:24 ` Steve Dickson [this message]
2014-05-29 13:43 ` [Libtirpc-devel] " Steve Dickson
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=53865423.4060905@RedHat.com \
--to=steved@redhat.com \
--cc=chuck.lever@oracle.com \
--cc=libtirpc-devel@lists.sourceforge.net \
--cc=linux-nfs@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).