mirror of
https://github.com/torvalds/linux.git
synced 2024-11-27 14:41:39 +00:00
rpc: remove some BUG()s
It would be kinder to WARN() and recover in several spots here instead of BUG()ing. Also, it looks like the read_u32_from_xdr_buf() call could actually fail, though it might require a broken (or malicious) client, so convert that to just an error return. Reported-by: Weston Andros Adamson <dros@monkey.org> Signed-off-by: J. Bruce Fields <bfields@redhat.com>
This commit is contained in:
parent
0bad47cada
commit
1754eb2b27
@ -855,11 +855,13 @@ unwrap_integ_data(struct svc_rqst *rqstp, struct xdr_buf *buf, u32 seq, struct g
|
|||||||
return stat;
|
return stat;
|
||||||
if (integ_len > buf->len)
|
if (integ_len > buf->len)
|
||||||
return stat;
|
return stat;
|
||||||
if (xdr_buf_subsegment(buf, &integ_buf, 0, integ_len))
|
if (xdr_buf_subsegment(buf, &integ_buf, 0, integ_len)) {
|
||||||
BUG();
|
WARN_ON_ONCE(1);
|
||||||
|
return stat;
|
||||||
|
}
|
||||||
/* copy out mic... */
|
/* copy out mic... */
|
||||||
if (read_u32_from_xdr_buf(buf, integ_len, &mic.len))
|
if (read_u32_from_xdr_buf(buf, integ_len, &mic.len))
|
||||||
BUG();
|
return stat;
|
||||||
if (mic.len > RPC_MAX_AUTH_SIZE)
|
if (mic.len > RPC_MAX_AUTH_SIZE)
|
||||||
return stat;
|
return stat;
|
||||||
mic.data = kmalloc(mic.len, GFP_KERNEL);
|
mic.data = kmalloc(mic.len, GFP_KERNEL);
|
||||||
@ -1611,8 +1613,10 @@ svcauth_gss_wrap_resp_integ(struct svc_rqst *rqstp)
|
|||||||
BUG_ON(integ_len % 4);
|
BUG_ON(integ_len % 4);
|
||||||
*p++ = htonl(integ_len);
|
*p++ = htonl(integ_len);
|
||||||
*p++ = htonl(gc->gc_seq);
|
*p++ = htonl(gc->gc_seq);
|
||||||
if (xdr_buf_subsegment(resbuf, &integ_buf, integ_offset, integ_len))
|
if (xdr_buf_subsegment(resbuf, &integ_buf, integ_offset, integ_len)) {
|
||||||
BUG();
|
WARN_ON_ONCE(1);
|
||||||
|
goto out_err;
|
||||||
|
}
|
||||||
if (resbuf->tail[0].iov_base == NULL) {
|
if (resbuf->tail[0].iov_base == NULL) {
|
||||||
if (resbuf->head[0].iov_len + RPC_MAX_AUTH_SIZE > PAGE_SIZE)
|
if (resbuf->head[0].iov_len + RPC_MAX_AUTH_SIZE > PAGE_SIZE)
|
||||||
goto out_err;
|
goto out_err;
|
||||||
|
Loading…
Reference in New Issue
Block a user