kernel / kernel-source

Clone
Source Code
GIT

Files

ALP-current ALP-current-GA ALP-current-RT ALP-current-RT-GA SLE12-SP5 SLE12-SP5-AZURE SLE12-SP5-RT SLE15-SP2-EB SLE15-SP3-RT-LTSS SLE15-SP4-RT-LTSS SLE15-SP5 SLE15-SP5-AZURE SLE15-SP5-RT SLE15-SP6 SLE15-SP6-AZURE SLE15-SP6-AZURE-GA SLE15-SP6-GA SLE15-SP6-RT SLE15-SP6-RT-GA linux-next master packaging scripts slowroll stable vanilla
  1.   SLE12-SP5
  2.   patches.kabi
  3.   sunrpc-clean-up-properly-in-gss_mech_unregister.patch
Blob Blame History Raw 
From: NeilBrown <neilb@suse.de>
Subject: kabi fix for sunrpc-clean-up-properly-in-gss_mech_unregister
Patch-mainline: never, kabi
References: bsc#1171219, CVE-2020-12656

Restore svcauth_gss_register_pseudoflavor() to return an int,
and repeat the domain lookup in gss_mech_svc_setup() to get
the needed domain pointer.

Signed-off-by: NeilBrown <neilb@suse.de>
Acked-by: NeilBrown <neilb@suse.com>

---
 include/linux/sunrpc/gss_api.h        |    2 ++
 include/linux/sunrpc/svcauth_gss.h    |    4 ++--
 net/sunrpc/auth_gss/gss_mech_switch.c |   12 +++++++++---
 net/sunrpc/auth_gss/svcauth_gss.c     |    6 +++---
 4 files changed, 16 insertions(+), 8 deletions(-)

--- a/include/linux/sunrpc/gss_api.h
+++ b/include/linux/sunrpc/gss_api.h
@@ -83,7 +83,9 @@ struct pf_desc {
 	char	*name;
 	char	*auth_domain_name;
 	bool	datatouch;
+#ifndef __GENKSYMS__
 	struct auth_domain *domain;
+#endif
 };
 
 /* Different mechanisms (e.g., krb5 or spkm3) may implement gss-api, and
--- a/include/linux/sunrpc/svcauth_gss.h
+++ b/include/linux/sunrpc/svcauth_gss.h
@@ -20,8 +20,8 @@ int gss_svc_init(void);
 void gss_svc_shutdown(void);
 int gss_svc_init_net(struct net *net);
 void gss_svc_shutdown_net(struct net *net);
-struct auth_domain *svcauth_gss_register_pseudoflavor(u32 pseudoflavor,
-						      char *name);
+int svcauth_gss_register_pseudoflavor(u32 pseudoflavor,
+				      char *name);
 u32 svcauth_gss_flavor(struct auth_domain *dom);
 
 #endif /* __KERNEL__ */
--- a/net/sunrpc/auth_gss/gss_mech_switch.c
+++ b/net/sunrpc/auth_gss/gss_mech_switch.c
@@ -95,12 +95,18 @@ gss_mech_svc_setup(struct gss_api_mech *
 		status = -ENOMEM;
 		if (pf->auth_domain_name == NULL)
 			goto out;
-		dom = svcauth_gss_register_pseudoflavor(
+		status = svcauth_gss_register_pseudoflavor(
 			pf->pseudoflavor, pf->auth_domain_name);
-		if (IS_ERR(dom)) {
-			status = PTR_ERR(dom);
+		if (status)
+			goto out;
+		dom = auth_domain_lookup(pf->auth_domain_name, NULL);
+		if (!dom) {
+			/* Should be impossible */
+			status = -ENOMEM;
 			goto out;
 		}
+		/* we got an extra reference - drop it */
+		auth_domain_put(dom);
 		pf->domain = dom;
 	}
 	return 0;
--- a/net/sunrpc/auth_gss/svcauth_gss.c
+++ b/net/sunrpc/auth_gss/svcauth_gss.c
@@ -779,7 +779,7 @@ u32 svcauth_gss_flavor(struct auth_domai
 
 EXPORT_SYMBOL_GPL(svcauth_gss_flavor);
 
-struct auth_domain *
+int
 svcauth_gss_register_pseudoflavor(u32 pseudoflavor, char * name)
 {
 	struct gss_domain	*new;
@@ -804,14 +804,14 @@ svcauth_gss_register_pseudoflavor(u32 ps
 		auth_domain_put(test);
 		goto out_free_name;
 	}
-	return test;
+	return 0;
 
 out_free_name:
 	kfree(new->h.name);
 out_free_dom:
 	kfree(new);
 out:
-	return ERR_PTR(stat);
+	return stat;
 }
 EXPORT_SYMBOL_GPL(svcauth_gss_register_pseudoflavor);
Powered by Pagure 5.13.3
DocumentationAbout this InstanceSSH Hostkey/Fingerprint
© Red Hat, Inc. and others.