nfsd: fix unlikely NULL deref in mach_creds_match
We really shouldn't allow a client to be created with cl_mach_cred set unless it also has a principal name. This also allows us to fail such cases immediately on EXCHANGE_ID as opposed to waiting and incorrectly returning WRONG_CRED on the following CREATE_SESSION. Signed-off-by: J. Bruce Fields <bfields@redhat.com>
This commit is contained in:
J. Bruce Fields
parent
50c7b948ad
commit
920dd9bb7d
1 changed files with 9 additions and 0 deletions
|
|
@ -2385,6 +2385,15 @@ nfsd4_exchange_id(struct svc_rqst *rqstp,
|
||||||
status = nfserr_inval;
|
status = nfserr_inval;
|
||||||
goto out_nolock;
|
goto out_nolock;
|
||||||
}
|
}
|
||||||
|
/*
|
||||||
|
* Sometimes userspace doesn't give us a principal.
|
||||||
|
* Which is a bug, really. Anyway, we can't enforce
|
||||||
|
* MACH_CRED in that case, better to give up now:
|
||||||
|
*/
|
||||||
|
if (!new->cl_cred.cr_principal) {
|
||||||
|
status = nfserr_serverfault;
|
||||||
|
goto out_nolock;
|
||||||
|
}
|
||||||
new->cl_mach_cred = true;
|
new->cl_mach_cred = true;
|
||||||
case SP4_NONE:
|
case SP4_NONE:
|
||||||
break;
|
break;
|
||||||
|
|
|
||||||
Loading…
Add table
Add a link
Reference in a new issue