diff options
author | Chuck Lever <chuck.lever@oracle.com> | 2023-01-08 11:30:09 -0500 |
---|---|---|
committer | Chuck Lever <chuck.lever@oracle.com> | 2023-02-20 09:20:28 -0500 |
commit | df18f9ccb98a90e51d2d3527d880375db15b1fc8 (patch) | |
tree | 36294ee5a939731e36f39460d919381e6fab9f0c | |
parent | 3b03f3c5d4dbed658ef9a76c3475b2fb37d46451 (diff) | |
download | linux-stable-df18f9ccb98a90e51d2d3527d880375db15b1fc8.tar.gz linux-stable-df18f9ccb98a90e51d2d3527d880375db15b1fc8.tar.bz2 linux-stable-df18f9ccb98a90e51d2d3527d880375db15b1fc8.zip |
SUNRPC: Use xdr_stream to encode Reply verifier in svcauth_tls_accept()
Done as part of hardening the server-side RPC header encoding path.
Reviewed-by: Jeff Layton <jlayton@kernel.org>
Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
-rw-r--r-- | net/sunrpc/svcauth_unix.c | 22 |
1 files changed, 13 insertions, 9 deletions
diff --git a/net/sunrpc/svcauth_unix.c b/net/sunrpc/svcauth_unix.c index e3981e124042..632150a6b947 100644 --- a/net/sunrpc/svcauth_unix.c +++ b/net/sunrpc/svcauth_unix.c @@ -822,9 +822,9 @@ svcauth_tls_accept(struct svc_rqst *rqstp) { struct xdr_stream *xdr = &rqstp->rq_arg_stream; struct svc_cred *cred = &rqstp->rq_cred; - struct kvec *resv = rqstp->rq_res.head; u32 flavor, len; void *body; + __be32 *p; /* Length of Call's credential body field: */ if (xdr_stream_decode_u32(xdr, &len) < 0) @@ -855,17 +855,21 @@ svcauth_tls_accept(struct svc_rqst *rqstp) if (cred->cr_group_info == NULL) return SVC_CLOSE; - /* Reply's verifier */ - svc_putnl(resv, RPC_AUTH_NULL); + svcxdr_init_encode(rqstp); if (rqstp->rq_xprt->xpt_ops->xpo_start_tls) { - svc_putnl(resv, 8); - memcpy(resv->iov_base + resv->iov_len, "STARTTLS", 8); - resv->iov_len += 8; - } else - svc_putnl(resv, 0); + p = xdr_reserve_space(&rqstp->rq_res_stream, XDR_UNIT * 2 + 8); + if (!p) + return SVC_CLOSE; + *p++ = rpc_auth_null; + *p++ = cpu_to_be32(8); + memcpy(p, "STARTTLS", 8); + } else { + if (xdr_stream_encode_opaque_auth(&rqstp->rq_res_stream, + RPC_AUTH_NULL, NULL, 0) < 0) + return SVC_CLOSE; + } rqstp->rq_cred.cr_flavor = RPC_AUTH_TLS; - svcxdr_init_encode(rqstp); return SVC_OK; } |