summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorChuck Lever <chuck.lever@oracle.com>2023-01-08 11:30:09 -0500
committerChuck Lever <chuck.lever@oracle.com>2023-02-20 09:20:28 -0500
commitdf18f9ccb98a90e51d2d3527d880375db15b1fc8 (patch)
tree36294ee5a939731e36f39460d919381e6fab9f0c
parent3b03f3c5d4dbed658ef9a76c3475b2fb37d46451 (diff)
downloadlinux-stable-df18f9ccb98a90e51d2d3527d880375db15b1fc8.tar.gz
linux-stable-df18f9ccb98a90e51d2d3527d880375db15b1fc8.tar.bz2
linux-stable-df18f9ccb98a90e51d2d3527d880375db15b1fc8.zip
SUNRPC: Use xdr_stream to encode Reply verifier in svcauth_tls_accept()
Done as part of hardening the server-side RPC header encoding path. Reviewed-by: Jeff Layton <jlayton@kernel.org> Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
-rw-r--r--net/sunrpc/svcauth_unix.c22
1 files changed, 13 insertions, 9 deletions
diff --git a/net/sunrpc/svcauth_unix.c b/net/sunrpc/svcauth_unix.c
index e3981e124042..632150a6b947 100644
--- a/net/sunrpc/svcauth_unix.c
+++ b/net/sunrpc/svcauth_unix.c
@@ -822,9 +822,9 @@ svcauth_tls_accept(struct svc_rqst *rqstp)
{
struct xdr_stream *xdr = &rqstp->rq_arg_stream;
struct svc_cred *cred = &rqstp->rq_cred;
- struct kvec *resv = rqstp->rq_res.head;
u32 flavor, len;
void *body;
+ __be32 *p;
/* Length of Call's credential body field: */
if (xdr_stream_decode_u32(xdr, &len) < 0)
@@ -855,17 +855,21 @@ svcauth_tls_accept(struct svc_rqst *rqstp)
if (cred->cr_group_info == NULL)
return SVC_CLOSE;
- /* Reply's verifier */
- svc_putnl(resv, RPC_AUTH_NULL);
+ svcxdr_init_encode(rqstp);
if (rqstp->rq_xprt->xpt_ops->xpo_start_tls) {
- svc_putnl(resv, 8);
- memcpy(resv->iov_base + resv->iov_len, "STARTTLS", 8);
- resv->iov_len += 8;
- } else
- svc_putnl(resv, 0);
+ p = xdr_reserve_space(&rqstp->rq_res_stream, XDR_UNIT * 2 + 8);
+ if (!p)
+ return SVC_CLOSE;
+ *p++ = rpc_auth_null;
+ *p++ = cpu_to_be32(8);
+ memcpy(p, "STARTTLS", 8);
+ } else {
+ if (xdr_stream_encode_opaque_auth(&rqstp->rq_res_stream,
+ RPC_AUTH_NULL, NULL, 0) < 0)
+ return SVC_CLOSE;
+ }
rqstp->rq_cred.cr_flavor = RPC_AUTH_TLS;
- svcxdr_init_encode(rqstp);
return SVC_OK;
}