rpc: clean up decoding of gssproxy linux creds

commit 778e512bb1d3315c6b55832248cd30c566c081d7 upstream.

We can use the normal coding infrastructure here.

Two minor behavior changes:

	- we're assuming no wasted space at the end of the linux cred.
	  That seems to match gss-proxy's behavior, and I can't see why
	  it would need to do differently in the future.

	- NGROUPS_MAX check added: note groups_alloc doesn't do this,
	  this is the caller's responsibility.

Tested-by: Simo Sorce <simo@redhat.com>
Signed-off-by: J. Bruce Fields <bfields@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

diff --git a/net/sunrpc/auth_gss/gss_rpc_xdr.c b/net/sunrpc/auth_gss/gss_rpc_xdr.c
index 3c85d1c8a0288db543fdb5cbec9d9ef5bd0f2f22..f5067b2e0a0878e7dee2c4ef4003f3e75429bc6d 100644 (file)
--- a/net/sunrpc/auth_gss/gss_rpc_xdr.c
+++ b/net/sunrpc/auth_gss/gss_rpc_xdr.c
@@ -166,14 +166,14 @@ static int dummy_dec_opt_array(struct xdr_stream *xdr,
        return 0;
 }
 
-static int get_s32(void **p, void *max, s32 *res)
+static int get_s32(struct xdr_stream *xdr, s32 *res)
 {
-       void *base = *p;
-       void *next = (void *)((char *)base + sizeof(s32));
-       if (unlikely(next > max || next < base))
+       __be32 *p;
+
+       p = xdr_inline_decode(xdr, 4);
+       if (!p)
                return -EINVAL;
-       memcpy(res, base, sizeof(s32));
-       *p = next;
+       memcpy(res, p, sizeof(s32));
        return 0;
 }
 
@@ -182,7 +182,6 @@ static int gssx_dec_linux_creds(struct xdr_stream *xdr,
 {
        u32 length;
        __be32 *p;
-       void *q, *end;
        s32 tmp;
        int N, i, err;
 
@@ -192,33 +191,28 @@ static int gssx_dec_linux_creds(struct xdr_stream *xdr,
 
        length = be32_to_cpup(p);
 
-       /* FIXME: we do not want to use the scratch buffer for this one
-        * may need to use functions that allows us to access an io vector
-        * directly */
-       p = xdr_inline_decode(xdr, length);
-       if (unlikely(p == NULL))
+       if (length > (3 + NGROUPS_MAX) * sizeof(u32))
                return -ENOSPC;
 
-       q = p;
-       end = q + length;
-
        /* uid */
-       err = get_s32(&q, end, &tmp);
+       err = get_s32(xdr, &tmp);
        if (err)
                return err;
        creds->cr_uid = make_kuid(&init_user_ns, tmp);
 
        /* gid */
-       err = get_s32(&q, end, &tmp);
+       err = get_s32(xdr, &tmp);
        if (err)
                return err;
        creds->cr_gid = make_kgid(&init_user_ns, tmp);
 
        /* number of additional gid's */
-       err = get_s32(&q, end, &tmp);
+       err = get_s32(xdr, &tmp);
        if (err)
                return err;
        N = tmp;
+       if ((3 + N) * sizeof(u32) != length)
+               return -EINVAL;
        creds->cr_group_info = groups_alloc(N);
        if (creds->cr_group_info == NULL)
                return -ENOMEM;
@@ -226,7 +220,7 @@ static int gssx_dec_linux_creds(struct xdr_stream *xdr,
        /* gid's */
        for (i = 0; i < N; i++) {
                kgid_t kgid;
-               err = get_s32(&q, end, &tmp);
+               err = get_s32(xdr, &tmp);
                if (err)
                        goto out_free_groups;
                err = -EINVAL;