| Message ID | 41011674.48947.1401180626967.JavaMail.zimbra@opinsys.fi (mailing list archive) |
|---|---|
| State | New, archived |
| Headers | show |
On Tue, 27 May 2014 08:50:26 +0000 (UTC) Veli-Matti Lintu <veli-matti.lintu@opinsys.fi> wrote: > > In commit 51fda07a "gssd: scrape the acceptor name out of the context" > the allocated buffer size is not large enough to hold the actual data > that is written to the buffer. This fixes the allocated buffer size. > > Signed-off-by: Veli-Matti Lintu <veli-matti.lintu@opinsys.fi> > --- > utils/gssd/gssd_proc.c | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > > diff --git a/utils/gssd/gssd_proc.c b/utils/gssd/gssd_proc.c > index 69bb3c6..40ff188 100644 > --- a/utils/gssd/gssd_proc.c > +++ b/utils/gssd/gssd_proc.c > @@ -696,7 +696,7 @@ do_downcall(int k5_fd, uid_t uid, struct authgss_private_data *pd, > buf_size = sizeof(uid) + sizeof(timeout) + sizeof(pd->pd_seq_win) + > sizeof(pd->pd_ctx_hndl.length) + pd->pd_ctx_hndl.length + > sizeof(context_token->length) + context_token->length + > - acceptor->length; > + sizeof(acceptor->length) + acceptor->length; > p = buf = malloc(buf_size); > if (!buf) > goto out_err; Nice catch... Reviewed-by: Jeff Layton <jlayton@poochiereds.net> -- To unsubscribe from this list: send the line "unsubscribe linux-nfs" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
On 05/27/2014 04:50 AM, Veli-Matti Lintu wrote: > > In commit 51fda07a "gssd: scrape the acceptor name out of the context" > the allocated buffer size is not large enough to hold the actual data > that is written to the buffer. This fixes the allocated buffer size. > > Signed-off-by: Veli-Matti Lintu <veli-matti.lintu@opinsys.fi> Committed.. steved. > --- > utils/gssd/gssd_proc.c | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > > diff --git a/utils/gssd/gssd_proc.c b/utils/gssd/gssd_proc.c > index 69bb3c6..40ff188 100644 > --- a/utils/gssd/gssd_proc.c > +++ b/utils/gssd/gssd_proc.c > @@ -696,7 +696,7 @@ do_downcall(int k5_fd, uid_t uid, struct authgss_private_data *pd, > buf_size = sizeof(uid) + sizeof(timeout) + sizeof(pd->pd_seq_win) + > sizeof(pd->pd_ctx_hndl.length) + pd->pd_ctx_hndl.length + > sizeof(context_token->length) + context_token->length + > - acceptor->length; > + sizeof(acceptor->length) + acceptor->length; > p = buf = malloc(buf_size); > if (!buf) > goto out_err; > -- To unsubscribe from this list: send the line "unsubscribe linux-nfs" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
diff --git a/utils/gssd/gssd_proc.c b/utils/gssd/gssd_proc.c index 69bb3c6..40ff188 100644 --- a/utils/gssd/gssd_proc.c +++ b/utils/gssd/gssd_proc.c @@ -696,7 +696,7 @@ do_downcall(int k5_fd, uid_t uid, struct authgss_private_data *pd, buf_size = sizeof(uid) + sizeof(timeout) + sizeof(pd->pd_seq_win) + sizeof(pd->pd_ctx_hndl.length) + pd->pd_ctx_hndl.length + sizeof(context_token->length) + context_token->length + - acceptor->length; + sizeof(acceptor->length) + acceptor->length; p = buf = malloc(buf_size); if (!buf) goto out_err;
In commit 51fda07a "gssd: scrape the acceptor name out of the context" the allocated buffer size is not large enough to hold the actual data that is written to the buffer. This fixes the allocated buffer size. Signed-off-by: Veli-Matti Lintu <veli-matti.lintu@opinsys.fi> --- utils/gssd/gssd_proc.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)