git.maquefel.me Git - linux.git/commit

author	Chuck Lever <chuck.lever@oracle.com>
	Fri, 24 Jul 2020 21:08:57 +0000 (17:08 -0400)
committer	Chuck Lever <chuck.lever@oracle.com>
	Fri, 24 Jul 2020 21:10:23 +0000 (17:10 -0400)
commit	986a4b63d3bc5f2c0eb4083b05aff2bf883b7b2f
tree	e10a0734385d66e46ed12116a15f3c3676681021	tree \| snapshot
parent	df60446cd1fb487becd1f36f4c0da9e0e523c0cf	commit \| diff

SUNRPC: Fix ("SUNRPC: Add "@len" parameter to gss_unwrap()")

Braino when converting "buf->len -=" to "buf->len = len -".

The result is under-estimation of the ralign and rslack values. On
krb5p mounts, this has caused READDIR to fail with EIO, and KASAN
splats when decoding READLINK replies.

As a result of fixing this oversight, the gss_unwrap method now
returns a buf->len that can be shorter than priv_len for small
RPC messages. The additional adjustment done in unwrap_priv_data()
can underflow buf->len. This causes the nfsd_request_too_large
check to fail during some NFSv3 operations.

Reported-by: Marian Rainer-Harbach
Reported-by: Pierre Sauter <pierre.sauter@stwm.de>
BugLink: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1886277
Fixes: 31c9590ae468 ("SUNRPC: Add "@len" parameter to gss_unwrap()")
Reviewed-by: J. Bruce Fields <bfields@redhat.com>
Signed-off-by: Chuck Lever <chuck.lever@oracle.com>

net/sunrpc/auth_gss/gss_krb5_wrap.c		diff \| blob \| history
net/sunrpc/auth_gss/svcauth_gss.c		diff \| blob \| history