From: NeilBrown <neilb@suse.de>
Subject: kabi fix for sunrpc-clean-up-properly-in-gss_mech_unregister
Patch-mainline: never, kabi
References: bsc#1171219, CVE-2020-12656
Restore svcauth_gss_register_pseudoflavor() to return an int,
and repeat the domain lookup in gss_mech_svc_setup() to get
the needed domain pointer.
Signed-off-by: NeilBrown <neilb@suse.de>
Acked-by: NeilBrown <neilb@suse.com>
---
include/linux/sunrpc/gss_api.h | 2 ++
include/linux/sunrpc/svcauth_gss.h | 4 ++--
net/sunrpc/auth_gss/gss_mech_switch.c | 12 +++++++++---
net/sunrpc/auth_gss/svcauth_gss.c | 6 +++---
4 files changed, 16 insertions(+), 8 deletions(-)
--- a/include/linux/sunrpc/gss_api.h
+++ b/include/linux/sunrpc/gss_api.h
@@ -83,7 +83,9 @@ struct pf_desc {
char *name;
char *auth_domain_name;
bool datatouch;
+#ifndef __GENKSYMS__
struct auth_domain *domain;
+#endif
};
/* Different mechanisms (e.g., krb5 or spkm3) may implement gss-api, and
--- a/include/linux/sunrpc/svcauth_gss.h
+++ b/include/linux/sunrpc/svcauth_gss.h
@@ -20,8 +20,8 @@ int gss_svc_init(void);
void gss_svc_shutdown(void);
int gss_svc_init_net(struct net *net);
void gss_svc_shutdown_net(struct net *net);
-struct auth_domain *svcauth_gss_register_pseudoflavor(u32 pseudoflavor,
- char *name);
+int svcauth_gss_register_pseudoflavor(u32 pseudoflavor,
+ char *name);
u32 svcauth_gss_flavor(struct auth_domain *dom);
#endif /* __KERNEL__ */
--- a/net/sunrpc/auth_gss/gss_mech_switch.c
+++ b/net/sunrpc/auth_gss/gss_mech_switch.c
@@ -95,12 +95,18 @@ gss_mech_svc_setup(struct gss_api_mech *
status = -ENOMEM;
if (pf->auth_domain_name == NULL)
goto out;
- dom = svcauth_gss_register_pseudoflavor(
+ status = svcauth_gss_register_pseudoflavor(
pf->pseudoflavor, pf->auth_domain_name);
- if (IS_ERR(dom)) {
- status = PTR_ERR(dom);
+ if (status)
+ goto out;
+ dom = auth_domain_lookup(pf->auth_domain_name, NULL);
+ if (!dom) {
+ /* Should be impossible */
+ status = -ENOMEM;
goto out;
}
+ /* we got an extra reference - drop it */
+ auth_domain_put(dom);
pf->domain = dom;
}
return 0;
--- a/net/sunrpc/auth_gss/svcauth_gss.c
+++ b/net/sunrpc/auth_gss/svcauth_gss.c
@@ -779,7 +779,7 @@ u32 svcauth_gss_flavor(struct auth_domai
EXPORT_SYMBOL_GPL(svcauth_gss_flavor);
-struct auth_domain *
+int
svcauth_gss_register_pseudoflavor(u32 pseudoflavor, char * name)
{
struct gss_domain *new;
@@ -804,14 +804,14 @@ svcauth_gss_register_pseudoflavor(u32 ps
auth_domain_put(test);
goto out_free_name;
}
- return test;
+ return 0;
out_free_name:
kfree(new->h.name);
out_free_dom:
kfree(new);
out:
- return ERR_PTR(stat);
+ return stat;
}
EXPORT_SYMBOL_GPL(svcauth_gss_register_pseudoflavor);