summaryrefslogtreecommitdiffstats
path: root/fs/cifs/sess.c
diff options
context:
space:
mode:
authorSteve French <sfrench@us.ibm.com>2008-08-26 02:37:14 +0200
committerSteve French <sfrench@us.ibm.com>2008-08-26 02:37:14 +0200
commit6ce5eecb9cd3ac97b952c50309b87c31488a45e9 (patch)
tree5d28ff051283462f6c927ae87c094b568fb5b1e9 /fs/cifs/sess.c
parent[CIFS] Kerberos support not considered experimental anymore (diff)
downloadlinux-6ce5eecb9cd3ac97b952c50309b87c31488a45e9.tar.xz
linux-6ce5eecb9cd3ac97b952c50309b87c31488a45e9.zip
[CIFS] check version in spnego upcall response
Currently, we don't check the version in the SPNEGO upcall response even though one is provided. Jeff and Q have made the corresponding change to the Samba client (cifs.upcall). Acked-by: Jeff Layton <jlayton@redhat.com> Signed-off-by: Steve French <sfrench@us.ibm.com>
Diffstat (limited to 'fs/cifs/sess.c')
-rw-r--r--fs/cifs/sess.c9
1 files changed, 9 insertions, 0 deletions
diff --git a/fs/cifs/sess.c b/fs/cifs/sess.c
index 3188e4d9cddb..b537fad3bf50 100644
--- a/fs/cifs/sess.c
+++ b/fs/cifs/sess.c
@@ -516,6 +516,15 @@ CIFS_SessSetup(unsigned int xid, struct cifsSesInfo *ses, int first_time,
}
msg = spnego_key->payload.data;
+ /* check version field to make sure that cifs.upcall is
+ sending us a response in an expected form */
+ if (msg->version != CIFS_SPNEGO_UPCALL_VERSION) {
+ cERROR(1, ("incorrect version of cifs.upcall (expected"
+ " %d but got %d)",
+ CIFS_SPNEGO_UPCALL_VERSION, msg->version));
+ rc = -EKEYREJECTED;
+ goto ssetup_exit;
+ }
/* bail out if key is too long */
if (msg->sesskey_len >
sizeof(ses->server->mac_signing_key.data.krb5)) {