diff options
author | Eric W. Biederman <ebiederm@xmission.com> | 2013-02-02 12:03:04 +0100 |
---|---|---|
committer | Eric W. Biederman <ebiederm@xmission.com> | 2013-02-13 15:15:26 +0100 |
commit | f025adf191924e3a75ce80e130afcd2485b53bb8 (patch) | |
tree | 5cb0782640600a5df5ea067943ce77bffddcecf4 /net/sunrpc/svcauth_unix.c | |
parent | sunrpc: Properly encode kuids and kgids in auth.unix.gid rpc pipe upcalls. (diff) | |
download | linux-f025adf191924e3a75ce80e130afcd2485b53bb8.tar.xz linux-f025adf191924e3a75ce80e130afcd2485b53bb8.zip |
sunrpc: Properly decode kuids and kgids in RPC_AUTH_UNIX credentials
When reading kuids from the wire map them into the initial user
namespace, and validate the mapping succeded.
When reading kgids from the wire map them into the initial user
namespace, and validate the mapping succeded.
Cc: "J. Bruce Fields" <bfields@fieldses.org>
Cc: Trond Myklebust <Trond.Myklebust@netapp.com>
Signed-off-by: "Eric W. Biederman" <ebiederm@xmission.com>
Diffstat (limited to 'net/sunrpc/svcauth_unix.c')
-rw-r--r-- | net/sunrpc/svcauth_unix.c | 6 |
1 files changed, 4 insertions, 2 deletions
diff --git a/net/sunrpc/svcauth_unix.c b/net/sunrpc/svcauth_unix.c index bdea0a1b6d1d..a1852e19ed0c 100644 --- a/net/sunrpc/svcauth_unix.c +++ b/net/sunrpc/svcauth_unix.c @@ -821,8 +821,10 @@ svcauth_unix_accept(struct svc_rqst *rqstp, __be32 *authp) argv->iov_base = (void*)((__be32*)argv->iov_base + slen); /* skip machname */ argv->iov_len -= slen*4; - cred->cr_uid = svc_getnl(argv); /* uid */ - cred->cr_gid = svc_getnl(argv); /* gid */ + cred->cr_uid = make_kuid(&init_user_ns, svc_getnl(argv)); /* uid */ + cred->cr_gid = make_kgid(&init_user_ns, svc_getnl(argv)); /* gid */ + if (!uid_valid(cred->cr_uid) || !gid_valid(cred->cr_gid)) + goto badcred; slen = svc_getnl(argv); /* gids length */ if (slen > 16 || (len -= (slen + 2)*4) < 0) goto badcred; |