From patchwork Tue Sep  2 14:14:31 2014
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Kinglong Mee <kinglongmee@gmail.com>
X-Patchwork-Id: 4826141
Return-Path: <linux-nfs-owner@kernel.org>
X-Original-To: patchwork-linux-nfs@patchwork.kernel.org
Delivered-To: patchwork-parsemail@patchwork2.web.kernel.org
Received: from mail.kernel.org (mail.kernel.org [198.145.19.201])
	by patchwork2.web.kernel.org (Postfix) with ESMTP id F39C5C0338
	for <patchwork-linux-nfs@patchwork.kernel.org>;
	Tue,  2 Sep 2014 14:14:53 +0000 (UTC)
Received: from mail.kernel.org (localhost [127.0.0.1])
	by mail.kernel.org (Postfix) with ESMTP id 754962016C
	for <patchwork-linux-nfs@patchwork.kernel.org>;
	Tue,  2 Sep 2014 14:14:52 +0000 (UTC)
Received: from vger.kernel.org (vger.kernel.org [209.132.180.67])
	by mail.kernel.org (Postfix) with ESMTP id 3E9252009C
	for <patchwork-linux-nfs@patchwork.kernel.org>;
	Tue,  2 Sep 2014 14:14:51 +0000 (UTC)
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
	id S1753626AbaIBOOu (ORCPT
	<rfc822;patchwork-linux-nfs@patchwork.kernel.org>);
	Tue, 2 Sep 2014 10:14:50 -0400
Received: from mail-pd0-f175.google.com ([209.85.192.175]:48455 "EHLO
	mail-pd0-f175.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
	with ESMTP id S1753491AbaIBOOu (ORCPT
	<rfc822;linux-nfs@vger.kernel.org>); Tue, 2 Sep 2014 10:14:50 -0400
Received: by mail-pd0-f175.google.com with SMTP id ft15so8770323pdb.34
	for <linux-nfs@vger.kernel.org>; Tue, 02 Sep 2014 07:14:49 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
	d=gmail.com; s=20120113;
	h=message-id:date:from:user-agent:mime-version:to:cc:subject
	:content-type:content-transfer-encoding;
	bh=qoBcMlqd+kEIEiioqr7tV+lwIlSoshdRaL2abC3+als=;
	b=qPGtPqzHe2cIMtlcNEiib/zPTz+7MLgtU3auhimsNMjunmTMJo6R7aM9XQaVkGoQzL
	WQpsysRNbfpYtLVPXneKZBhqEPAbcQp533RoJfnnkxgfCc+kNzQ5uHIO8kRD+Io4krzn
	UtBtKaQi8ts7+FEcOwuZ1F5KLywpiZu5VyMbH3BfqVtQVWLNeAsIc/aWgD9NQlaO46KR
	QbYCbG0pmOb7dQHWwNMhJrFGGyOmr72M4mHuVzXGQxRW0+SUxiJEum25sSOTSbP2dF9I
	5Uj/Bqzy0bS6zRkyflWKtR3wniXbQti1q5XvQ4hQAcFJ0D2uK8p1iOp+hE8wLN3Em+zH
	tgHA==
X-Received: by 10.66.227.225 with SMTP id sd1mr48264908pac.106.1409667289573;
	Tue, 02 Sep 2014 07:14:49 -0700 (PDT)
Received: from [192.168.0.100] ([171.92.20.104])
	by mx.google.com with ESMTPSA id
	xp1sm11926869pab.14.2014.09.02.07.14.46 for <multiple recipients>
	(version=TLSv1.2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128);
	Tue, 02 Sep 2014 07:14:48 -0700 (PDT)
Message-ID: <5405D0C7.3080400@gmail.com>
Date: Tue, 02 Sep 2014 22:14:31 +0800
From: Kinglong Mee <kinglongmee@gmail.com>
User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64;
	rv:31.0) Gecko/20100101 Thunderbird/31.0
MIME-Version: 1.0
To: "J. Bruce Fields" <bfields@fieldses.org>
CC: Linux NFS Mailing List <linux-nfs@vger.kernel.org>,
	Kinglong Mee <kinglongmee@gmail.com>
Subject: [PATCH 5/6] NFSD: Full checking of authentication name
Sender: linux-nfs-owner@vger.kernel.org
Precedence: bulk
List-ID: <linux-nfs.vger.kernel.org>
X-Mailing-List: linux-nfs@vger.kernel.org
X-Spam-Status: No, score=-8.5 required=5.0 tests=BAYES_00,
	DKIM_ADSP_CUSTOM_MED,
	DKIM_SIGNED, FREEMAIL_FROM, RCVD_IN_DNSWL_HI, RP_MATCHES_RCVD,
	T_DKIM_INVALID, UNPARSEABLE_RELAY autolearn=ham version=3.3.1
X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on mail.kernel.org
X-Virus-Scanned: ClamAV using ClamSMTP

Signed-off-by: Kinglong Mee <kinglongmee@gmail.com>
---
 fs/nfsd/nfs4idmap.c | 14 +++++---------
 1 file changed, 5 insertions(+), 9 deletions(-)

diff --git a/fs/nfsd/nfs4idmap.c b/fs/nfsd/nfs4idmap.c
index dc948f6..e1b3d3d 100644
--- a/fs/nfsd/nfs4idmap.c
+++ b/fs/nfsd/nfs4idmap.c
@@ -215,7 +215,8 @@ idtoname_parse(struct cache_detail *cd, char *buf, int buflen)
 	memset(&ent, 0, sizeof(ent));
 
 	/* Authentication name */
-	if (qword_get(&buf, buf1, PAGE_SIZE) <= 0)
+	len = qword_get(&buf, buf1, PAGE_SIZE);
+	if (len <= 0 || len >= IDMAP_NAMESZ)
 		goto out;
 	memcpy(ent.authname, buf1, sizeof(ent.authname));
 
@@ -245,12 +246,10 @@ idtoname_parse(struct cache_detail *cd, char *buf, int buflen)
 	/* Name */
 	error = -EINVAL;
 	len = qword_get(&buf, buf1, PAGE_SIZE);
-	if (len < 0)
+	if (len < 0 || len >= IDMAP_NAMESZ)
 		goto out;
 	if (len == 0)
 		set_bit(CACHE_NEGATIVE, &ent.h.flags);
-	else if (len >= IDMAP_NAMESZ)
-		goto out;
 	else
 		memcpy(ent.name, buf1, sizeof(ent.name));
 	error = -ENOMEM;
@@ -259,15 +258,12 @@ idtoname_parse(struct cache_detail *cd, char *buf, int buflen)
 		goto out;
 
 	cache_put(&res->h, cd);
-
 	error = 0;
 out:
 	kfree(buf1);
-
 	return error;
 }
 
-
 static struct ent *
 idtoname_lookup(struct cache_detail *cd, struct ent *item)
 {
@@ -381,7 +377,8 @@ nametoid_parse(struct cache_detail *cd, char *buf, int buflen)
 	memset(&ent, 0, sizeof(ent));
 
 	/* Authentication name */
-	if (qword_get(&buf, buf1, PAGE_SIZE) <= 0)
+	len = qword_get(&buf, buf1, PAGE_SIZE);
+	if (len <= 0 || len >= IDMAP_NAMESZ)
 		goto out;
 	memcpy(ent.authname, buf1, sizeof(ent.authname));
 
@@ -421,7 +418,6 @@ nametoid_parse(struct cache_detail *cd, char *buf, int buflen)
 	error = 0;
 out:
 	kfree(buf1);
-
 	return (error);
 }