Merge branch 'for-2.6.25' of git://git.secretlab.ca/git/linux-2.6-mpc52xx into for...

[linux-2.6-omap-h63xx.git] / net / sunrpc / auth_gss / gss_krb5_mech.c

diff --git a/net/sunrpc/auth_gss/gss_krb5_mech.c b/net/sunrpc/auth_gss/gss_krb5_mech.c
index 325e72e4fd31cbc77a066324f3e84a60cee0b3de..60c3dba545d7c8287cc17a00251e7fe43dad9e27 100644 (file)
--- a/net/sunrpc/auth_gss/gss_krb5_mech.c
+++ b/net/sunrpc/auth_gss/gss_krb5_mech.c
@@ -70,10 +70,9 @@ simple_get_netobj(const void *p, const void *end, struct xdr_netobj *res)
        q = (const void *)((const char *)p + len);
        if (unlikely(q > end || q < p))
                return ERR_PTR(-EFAULT);
-       res->data = kmalloc(len, GFP_KERNEL);
+       res->data = kmemdup(p, len, GFP_KERNEL);
        if (unlikely(res->data == NULL))
                return ERR_PTR(-ENOMEM);
-       memcpy(res->data, p, len);
        res->len = len;
        return q;
 }
@@ -130,6 +129,7 @@ gss_import_sec_context_kerberos(const void *p,
 {
        const void *end = (const void *)((const char *)p + len);
        struct  krb5_ctx *ctx;
+       int tmp;
 
        if (!(ctx = kzalloc(sizeof(*ctx), GFP_KERNEL)))
                goto out_err;
@@ -137,18 +137,27 @@ gss_import_sec_context_kerberos(const void *p,
        p = simple_get_bytes(p, end, &ctx->initiate, sizeof(ctx->initiate));
        if (IS_ERR(p))
                goto out_err_free_ctx;
-       p = simple_get_bytes(p, end, &ctx->seed_init, sizeof(ctx->seed_init));
-       if (IS_ERR(p))
+       /* The downcall format was designed before we completely understood
+        * the uses of the context fields; so it includes some stuff we
+        * just give some minimal sanity-checking, and some we ignore
+        * completely (like the next twenty bytes): */
+       if (unlikely(p + 20 > end || p + 20 < p))
                goto out_err_free_ctx;
-       p = simple_get_bytes(p, end, ctx->seed, sizeof(ctx->seed));
+       p += 20;
+       p = simple_get_bytes(p, end, &tmp, sizeof(tmp));
        if (IS_ERR(p))
                goto out_err_free_ctx;
-       p = simple_get_bytes(p, end, &ctx->signalg, sizeof(ctx->signalg));
-       if (IS_ERR(p))
+       if (tmp != SGN_ALG_DES_MAC_MD5) {
+               p = ERR_PTR(-ENOSYS);
                goto out_err_free_ctx;
-       p = simple_get_bytes(p, end, &ctx->sealalg, sizeof(ctx->sealalg));
+       }
+       p = simple_get_bytes(p, end, &tmp, sizeof(tmp));
        if (IS_ERR(p))
                goto out_err_free_ctx;
+       if (tmp != SEAL_ALG_DES) {
+               p = ERR_PTR(-ENOSYS);
+               goto out_err_free_ctx;
+       }
        p = simple_get_bytes(p, end, &ctx->endtime, sizeof(ctx->endtime));
        if (IS_ERR(p))
                goto out_err_free_ctx;
@@ -170,7 +179,8 @@ gss_import_sec_context_kerberos(const void *p,
        }
 
        ctx_id->internal_ctx_id = ctx;
-       dprintk("RPC:      Successfully imported new context.\n");
+
+       dprintk("RPC:       Successfully imported new context.\n");
        return 0;
 
 out_err_free_key2:
@@ -195,7 +205,7 @@ gss_delete_sec_context_kerberos(void *internal_ctx) {
        kfree(kctx);
 }
 
-static struct gss_api_ops gss_kerberos_ops = {
+static const struct gss_api_ops gss_kerberos_ops = {
        .gss_import_sec_context = gss_import_sec_context_kerberos,
        .gss_get_mic            = gss_get_mic_kerberos,
        .gss_verify_mic         = gss_verify_mic_kerberos,
@@ -225,6 +235,7 @@ static struct pf_desc gss_kerberos_pfs[] = {
 static struct gss_api_mech gss_kerberos_mech = {
        .gm_name        = "krb5",
        .gm_owner       = THIS_MODULE,
+       .gm_oid         = {9, (void *)"\x2a\x86\x48\x86\xf7\x12\x01\x02\x02"},
        .gm_ops         = &gss_kerberos_ops,
        .gm_pf_num      = ARRAY_SIZE(gss_kerberos_pfs),
        .gm_pfs         = gss_kerberos_pfs,