Commit ce8477e1 authored by Bian Naimeng's avatar Bian Naimeng Committed by Trond Myklebust

gss:krb5 miss returning error to caller when import security context

krb5 miss returning error to up layer when import security context,
it may be return ok though it has failed to import security context.
Signed-off-by: default avatarBian Naimeng <biannm@cn.fujitsu.com>
Signed-off-by: default avatarTrond Myklebust <Trond.Myklebust@netapp.com>
parent b1bde04c
...@@ -237,6 +237,7 @@ get_key(const void *p, const void *end, ...@@ -237,6 +237,7 @@ get_key(const void *p, const void *end,
if (!supported_gss_krb5_enctype(alg)) { if (!supported_gss_krb5_enctype(alg)) {
printk(KERN_WARNING "gss_kerberos_mech: unsupported " printk(KERN_WARNING "gss_kerberos_mech: unsupported "
"encryption key algorithm %d\n", alg); "encryption key algorithm %d\n", alg);
p = ERR_PTR(-EINVAL);
goto out_err; goto out_err;
} }
p = simple_get_netobj(p, end, &key); p = simple_get_netobj(p, end, &key);
...@@ -282,15 +283,19 @@ gss_import_v1_context(const void *p, const void *end, struct krb5_ctx *ctx) ...@@ -282,15 +283,19 @@ gss_import_v1_context(const void *p, const void *end, struct krb5_ctx *ctx)
ctx->enctype = ENCTYPE_DES_CBC_RAW; ctx->enctype = ENCTYPE_DES_CBC_RAW;
ctx->gk5e = get_gss_krb5_enctype(ctx->enctype); ctx->gk5e = get_gss_krb5_enctype(ctx->enctype);
if (ctx->gk5e == NULL) if (ctx->gk5e == NULL) {
p = ERR_PTR(-EINVAL);
goto out_err; goto out_err;
}
/* The downcall format was designed before we completely understood /* The downcall format was designed before we completely understood
* the uses of the context fields; so it includes some stuff we * the uses of the context fields; so it includes some stuff we
* just give some minimal sanity-checking, and some we ignore * just give some minimal sanity-checking, and some we ignore
* completely (like the next twenty bytes): */ * completely (like the next twenty bytes): */
if (unlikely(p + 20 > end || p + 20 < p)) if (unlikely(p + 20 > end || p + 20 < p)) {
p = ERR_PTR(-EFAULT);
goto out_err; goto out_err;
}
p += 20; p += 20;
p = simple_get_bytes(p, end, &tmp, sizeof(tmp)); p = simple_get_bytes(p, end, &tmp, sizeof(tmp));
if (IS_ERR(p)) if (IS_ERR(p))
...@@ -619,6 +624,7 @@ gss_import_v2_context(const void *p, const void *end, struct krb5_ctx *ctx, ...@@ -619,6 +624,7 @@ gss_import_v2_context(const void *p, const void *end, struct krb5_ctx *ctx,
if (ctx->seq_send64 != ctx->seq_send) { if (ctx->seq_send64 != ctx->seq_send) {
dprintk("%s: seq_send64 %lx, seq_send %x overflow?\n", __func__, dprintk("%s: seq_send64 %lx, seq_send %x overflow?\n", __func__,
(long unsigned)ctx->seq_send64, ctx->seq_send); (long unsigned)ctx->seq_send64, ctx->seq_send);
p = ERR_PTR(-EINVAL);
goto out_err; goto out_err;
} }
p = simple_get_bytes(p, end, &ctx->enctype, sizeof(ctx->enctype)); p = simple_get_bytes(p, end, &ctx->enctype, sizeof(ctx->enctype));
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment