diff options
author | Martijn de Gouw <martijn.de.gouw@prodrive-technologies.com> | 2020-10-19 13:42:27 +0200 |
---|---|---|
committer | J. Bruce Fields <bfields@redhat.com> | 2020-10-20 13:21:30 -0400 |
commit | d48c8124749c9a5081fe68680f83605e272c984b (patch) | |
tree | c5a094ec951b61a0613c7c5430e119b92882ae79 /lib/plist.c | |
parent | 27a1e8a0f79e643d4dedb46f71e76bdee3801877 (diff) | |
download | linux-stable-d48c8124749c9a5081fe68680f83605e272c984b.tar.gz linux-stable-d48c8124749c9a5081fe68680f83605e272c984b.tar.bz2 linux-stable-d48c8124749c9a5081fe68680f83605e272c984b.zip |
SUNRPC: fix copying of multiple pages in gss_read_proxy_verf()
When the passed token is longer than 4032 bytes, the remaining part
of the token must be copied from the rqstp->rq_arg.pages. But the
copy must make sure it happens in a consecutive way.
With the existing code, the first memcpy copies 'length' bytes from
argv->iobase, but since the header is in front, this never fills the
whole first page of in_token->pages.
The mecpy in the loop copies the following bytes, but starts writing at
the next page of in_token->pages. This leaves the last bytes of page 0
unwritten.
Symptoms were that users with many groups were not able to access NFS
exports, when using Active Directory as the KDC.
Signed-off-by: Martijn de Gouw <martijn.de.gouw@prodrive-technologies.com>
Fixes: 5866efa8cbfb "SUNRPC: Fix svcauth_gss_proxy_init()"
Signed-off-by: J. Bruce Fields <bfields@redhat.com>
Diffstat (limited to 'lib/plist.c')
0 files changed, 0 insertions, 0 deletions