From patchwork Wed Jun 25 11:02:59 2014
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Kinglong Mee <kinglongmee@gmail.com>
X-Patchwork-Id: 4419541
Return-Path: <linux-nfs-owner@kernel.org>
X-Original-To: patchwork-linux-nfs@patchwork.kernel.org
Delivered-To: patchwork-parsemail@patchwork1.web.kernel.org
Received: from mail.kernel.org (mail.kernel.org [198.145.19.201])
	by patchwork1.web.kernel.org (Postfix) with ESMTP id BD0079F26E
	for <patchwork-linux-nfs@patchwork.kernel.org>;
	Wed, 25 Jun 2014 11:03:37 +0000 (UTC)
Received: from mail.kernel.org (localhost [127.0.0.1])
	by mail.kernel.org (Postfix) with ESMTP id A930020254
	for <patchwork-linux-nfs@patchwork.kernel.org>;
	Wed, 25 Jun 2014 11:03:36 +0000 (UTC)
Received: from vger.kernel.org (vger.kernel.org [209.132.180.67])
	by mail.kernel.org (Postfix) with ESMTP id 0DFCF201EF
	for <patchwork-linux-nfs@patchwork.kernel.org>;
	Wed, 25 Jun 2014 11:03:31 +0000 (UTC)
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
	id S1752789AbaFYLDa (ORCPT
	<rfc822;patchwork-linux-nfs@patchwork.kernel.org>);
	Wed, 25 Jun 2014 07:03:30 -0400
Received: from mail-pa0-f42.google.com ([209.85.220.42]:39072 "EHLO
	mail-pa0-f42.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
	with ESMTP id S1751413AbaFYLD3 (ORCPT
	<rfc822; linux-nfs@vger.kernel.org>); Wed, 25 Jun 2014 07:03:29 -0400
Received: by mail-pa0-f42.google.com with SMTP id lj1so1597909pab.29
	for <linux-nfs@vger.kernel.org>; Wed, 25 Jun 2014 04:03:29 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
	d=gmail.com; s=20120113;
	h=message-id:date:from:user-agent:mime-version:to:cc:subject
	:content-type:content-transfer-encoding;
	bh=qoBcMlqd+kEIEiioqr7tV+lwIlSoshdRaL2abC3+als=;
	b=0s/jLOah63XJnDfiWFLTsJ0d2LrKZa4c/oY4nCXY7HSrSaNs9Po+Uy/rP6Jjs5poeV
	Nzqxz/MduuryreC7LcMcwgPupQo1rJKXithZX/XxcHT0oHTFqgLtpTXAYmGGwGr3MUVf
	Ill/296VN6Ga5pYfwxB5WTYfEnqJZ7wQIp3Sx2ZufDnq9I+XS+zrQa/+k+6NRA+WW5NG
	eR+J1dezs8zyYZgdQuspDd2eqrisKtd3Iie0aVLRroMx7EXG2kZBlEagNi4+7srVuxdD
	y1EB78DZN6MeoCkZMkw+dMVZqU+EejRua74ujbCUiLUjIlwhH6hzL6ZhAz4OWVfpz59T
	XvUQ==
X-Received: by 10.66.184.175 with SMTP id
	ev15mr10404194pac.146.1403694209157;
	Wed, 25 Jun 2014 04:03:29 -0700 (PDT)
Received: from [192.168.0.100] ([171.215.227.43])
	by mx.google.com with ESMTPSA id
	py7sm4706393pbb.78.2014.06.25.04.03.21 for <multiple recipients>
	(version=TLSv1 cipher=ECDHE-RSA-RC4-SHA bits=128/128);
	Wed, 25 Jun 2014 04:03:28 -0700 (PDT)
Message-ID: <53AAAC63.5040307@gmail.com>
Date: Wed, 25 Jun 2014 19:02:59 +0800
From: Kinglong Mee <kinglongmee@gmail.com>
User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64;
	rv:24.0) Gecko/20100101 Thunderbird/24.6.0
MIME-Version: 1.0
To: "J. Bruce Fields" <bfields@fieldses.org>
CC: Linux NFS Mailing List <linux-nfs@vger.kernel.org>, kinglongmee@gmail.com
Subject: [PATCH 4/4] NFSD: Add missing checking of authentication name
Sender: linux-nfs-owner@vger.kernel.org
Precedence: bulk
List-ID: <linux-nfs.vger.kernel.org>
X-Mailing-List: linux-nfs@vger.kernel.org
X-Spam-Status: No, score=-6.8 required=5.0 tests=BAYES_00,
	DKIM_ADSP_CUSTOM_MED,
	DKIM_SIGNED, FREEMAIL_FROM, RCVD_IN_DNSWL_HI, T_DKIM_INVALID,
	T_RP_MATCHES_RCVD,
	UNPARSEABLE_RELAY autolearn=ham version=3.3.1
X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on mail.kernel.org
X-Virus-Scanned: ClamAV using ClamSMTP

Signed-off-by: Kinglong Mee <kinglongmee@gmail.com>
---
 fs/nfsd/nfs4idmap.c | 14 +++++---------
 1 file changed, 5 insertions(+), 9 deletions(-)

diff --git a/fs/nfsd/nfs4idmap.c b/fs/nfsd/nfs4idmap.c
index dc948f6..e1b3d3d 100644
--- a/fs/nfsd/nfs4idmap.c
+++ b/fs/nfsd/nfs4idmap.c
@@ -215,7 +215,8 @@ idtoname_parse(struct cache_detail *cd, char *buf, int buflen)
 	memset(&ent, 0, sizeof(ent));
 
 	/* Authentication name */
-	if (qword_get(&buf, buf1, PAGE_SIZE) <= 0)
+	len = qword_get(&buf, buf1, PAGE_SIZE);
+	if (len <= 0 || len >= IDMAP_NAMESZ)
 		goto out;
 	memcpy(ent.authname, buf1, sizeof(ent.authname));
 
@@ -245,12 +246,10 @@ idtoname_parse(struct cache_detail *cd, char *buf, int buflen)
 	/* Name */
 	error = -EINVAL;
 	len = qword_get(&buf, buf1, PAGE_SIZE);
-	if (len < 0)
+	if (len < 0 || len >= IDMAP_NAMESZ)
 		goto out;
 	if (len == 0)
 		set_bit(CACHE_NEGATIVE, &ent.h.flags);
-	else if (len >= IDMAP_NAMESZ)
-		goto out;
 	else
 		memcpy(ent.name, buf1, sizeof(ent.name));
 	error = -ENOMEM;
@@ -259,15 +258,12 @@ idtoname_parse(struct cache_detail *cd, char *buf, int buflen)
 		goto out;
 
 	cache_put(&res->h, cd);
-
 	error = 0;
 out:
 	kfree(buf1);
-
 	return error;
 }
 
-
 static struct ent *
 idtoname_lookup(struct cache_detail *cd, struct ent *item)
 {
@@ -381,7 +377,8 @@ nametoid_parse(struct cache_detail *cd, char *buf, int buflen)
 	memset(&ent, 0, sizeof(ent));
 
 	/* Authentication name */
-	if (qword_get(&buf, buf1, PAGE_SIZE) <= 0)
+	len = qword_get(&buf, buf1, PAGE_SIZE);
+	if (len <= 0 || len >= IDMAP_NAMESZ)
 		goto out;
 	memcpy(ent.authname, buf1, sizeof(ent.authname));
 
@@ -421,7 +418,6 @@ nametoid_parse(struct cache_detail *cd, char *buf, int buflen)
 	error = 0;
 out:
 	kfree(buf1);
-
 	return (error);
 }