From: NeilBrown <neilb@suse.de>
Subject: kabi fix for sunrpc-clean-up-properly-in-gss_mech_unregister
Patch-mainline: never, kabi
References: bsc#1171219, CVE-2020-12656
Restore svcauth_gss_register_pseudoflavor() to return an int,
and repeat the domain lookup in gss_mech_svc_setup() to get
the needed domain pointer.
Signed-off-by: NeilBrown <neilb@suse.de>
Acked-by: NeilBrown <neilb@suse.com>
---
include/linux/sunrpc/gss_api.h | 4 +++-
include/linux/sunrpc/svcauth_gss.h | 4 ++--
net/sunrpc/auth_gss/gss_mech_switch.c | 12 +++++++++---
net/sunrpc/auth_gss/svcauth_gss.c | 6 +++---
4 files changed, 17 insertions(+), 9 deletions(-)
--- a/include/linux/sunrpc/gss_api.h
+++ b/include/linux/sunrpc/gss_api.h
@@ -83,8 +83,10 @@ struct pf_desc {
u32 service;
char *name;
char *auth_domain_name;
- struct auth_domain *domain;
bool datatouch;
+#ifndef __GENKSYMS__
+ struct auth_domain *domain;
+#endif
};
/* Different mechanisms (e.g., krb5 or spkm3) may implement gss-api, and
--- a/include/linux/sunrpc/svcauth_gss.h
+++ b/include/linux/sunrpc/svcauth_gss.h
@@ -21,8 +21,8 @@ int gss_svc_init(void);
void gss_svc_shutdown(void);
int gss_svc_init_net(struct net *net);
void gss_svc_shutdown_net(struct net *net);
-struct auth_domain *svcauth_gss_register_pseudoflavor(u32 pseudoflavor,
- char *name);
+int svcauth_gss_register_pseudoflavor(u32 pseudoflavor,
+ char *name);
u32 svcauth_gss_flavor(struct auth_domain *dom);
#endif /* __KERNEL__ */
--- a/net/sunrpc/auth_gss/gss_mech_switch.c
+++ b/net/sunrpc/auth_gss/gss_mech_switch.c
@@ -71,12 +71,18 @@ gss_mech_svc_setup(struct gss_api_mech *
status = -ENOMEM;
if (pf->auth_domain_name == NULL)
goto out;
- dom = svcauth_gss_register_pseudoflavor(
+ status = svcauth_gss_register_pseudoflavor(
pf->pseudoflavor, pf->auth_domain_name);
- if (IS_ERR(dom)) {
- status = PTR_ERR(dom);
+ if (status)
+ goto out;
+ dom = auth_domain_lookup(pf->auth_domain_name, NULL);
+ if (!dom) {
+ /* Should be impossible */
+ status = -ENOMEM;
goto out;
}
+ /* we got an extra reference - drop it */
+ auth_domain_put(dom);
pf->domain = dom;
}
return 0;
--- a/net/sunrpc/auth_gss/svcauth_gss.c
+++ b/net/sunrpc/auth_gss/svcauth_gss.c
@@ -803,7 +803,7 @@ u32 svcauth_gss_flavor(struct auth_domai
EXPORT_SYMBOL_GPL(svcauth_gss_flavor);
-struct auth_domain *
+int
svcauth_gss_register_pseudoflavor(u32 pseudoflavor, char * name)
{
struct gss_domain *new;
@@ -828,14 +828,14 @@ svcauth_gss_register_pseudoflavor(u32 ps
auth_domain_put(test);
goto out_free_name;
}
- return test;
+ return 0;
out_free_name:
kfree(new->h.name);
out_free_dom:
kfree(new);
out:
- return ERR_PTR(stat);
+ return stat;
}
EXPORT_SYMBOL_GPL(svcauth_gss_register_pseudoflavor);