nfsd: fix unlikely NULL deref in mach_creds_match
We really shouldn't allow a client to be created with cl_mach_cred set unless it also has a principal name. This also allows us to fail such cases immediately on EXCHANGE_ID as opposed to waiting and incorrectly returning WRONG_CRED on the following CREATE_SESSION. Signed-off-by: J. Bruce Fields <bfields@redhat.com>
This commit is contained in:
parent
50c7b948ad
commit
920dd9bb7d
@ -2385,6 +2385,15 @@ nfsd4_exchange_id(struct svc_rqst *rqstp,
|
||||
status = nfserr_inval;
|
||||
goto out_nolock;
|
||||
}
|
||||
/*
|
||||
* Sometimes userspace doesn't give us a principal.
|
||||
* Which is a bug, really. Anyway, we can't enforce
|
||||
* MACH_CRED in that case, better to give up now:
|
||||
*/
|
||||
if (!new->cl_cred.cr_principal) {
|
||||
status = nfserr_serverfault;
|
||||
goto out_nolock;
|
||||
}
|
||||
new->cl_mach_cred = true;
|
||||
case SP4_NONE:
|
||||
break;
|
||||
|
Loading…
Reference in New Issue
Block a user