>>>>> " " == Hai-Pao Fan <[EMAIL PROTECTED]> writes:

     > Problem:

     > A returned address from kmalloc() can be overwritten to a wrong
     > place in rpcauth_lookup_credcache() routine.


Hi Alan,

  The following patch fixes the bug in 2.2.18pre. As reported in the
2.4.0 patch on l-k, the fix has to address both an uninitialized hash
value in auth_null.c, and the use of '%' on signed values in the
rpcauth hashing algorithm.

Cheers,
  Trond

diff -u --recursive --new-file linux-2.2.18pre15/include/linux/sunrpc/auth.h 
linux-2.2.18pre15_fixed/include/linux/sunrpc/auth.h
--- linux-2.2.18pre15/include/linux/sunrpc/auth.h       Fri Oct 13 11:00:28 2000
+++ linux-2.2.18pre15_fixed/include/linux/sunrpc/auth.h Fri Oct 13 11:02:32 2000
@@ -38,6 +38,7 @@
  * Client authentication handle
  */
 #define RPC_CREDCACHE_NR       8
+#define RPC_CREDCACHE_MASK     (RPC_CREDCACHE_NR - 1)
 struct rpc_auth {
        struct rpc_cred *       au_credcache[RPC_CREDCACHE_NR];
        unsigned long           au_expire;      /* cache expiry interval */
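Review bot: `RPC_CREDCACHE_MASK` only selects buckets correctly while `RPC_CREDCACHE_NR` is a power of two, and nothing beside the define records that constraint. With a value such as 10 the masked index would still stay inside `au_credcache[]`, but several buckets would never be used. I would add a comment on the define, e.g. `/* must be a power of two; RPC_CREDCACHE_MASK relies on it */`, or a preprocessor guard `#if (RPC_CREDCACHE_NR & (RPC_CREDCACHE_NR - 1)) != 0` followed by an `#error`.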
diff -u --recursive --new-file linux-2.2.18pre15/net/sunrpc/auth.c 
linux-2.2.18pre15_fixed/net/sunrpc/auth.c
--- linux-2.2.18pre15/net/sunrpc/auth.c Fri Oct 13 11:00:34 2000
+++ linux-2.2.18pre15_fixed/net/sunrpc/auth.c   Fri Oct 13 11:04:42 2000
@@ -147,7 +147,7 @@
 {
        int             nr;
 
-       nr = (cred->cr_uid % RPC_CREDCACHE_NR);
+       nr = (cred->cr_uid & RPC_CREDCACHE_MASK);
        cred->cr_next = auth->au_credcache[nr];
        auth->au_credcache[nr] = cred;
        cred->cr_count++;
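Review bot: The bucket computation is open-coded here and again in the hunks at -164 and -197, and `nr` stays a signed `int` in all three. Unlike the `%` form, the mask keeps the index within 0..RPC_CREDCACHE_NR-1 even for a negative uid value, but insert, lookup and remove must always agree on the bucket, and three separate copies can drift apart again. Consider one shared helper, for example `#define RPC_CRED_HASH(uid) ((unsigned int)(uid) & RPC_CREDCACHE_MASK)` (the name is a suggestion, not an existing macro), together with `unsigned int nr;`. The enclosing function starts and ends outside this hunk.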
@@ -164,7 +164,7 @@
        int             nr = 0;
 
        if (!(taskflags & RPC_TASK_ROOTCREDS))
-               nr = current->uid % RPC_CREDCACHE_NR;
+               nr = current->uid & RPC_CREDCACHE_MASK;
 
        if (time_before(auth->au_nextgc, jiffies))
                rpcauth_gc_credcache(auth);
@@ -197,7 +197,7 @@
        struct rpc_cred **q, *cr;
        int             nr;
 
-       nr = (cred->cr_uid % RPC_CREDCACHE_NR);
+       nr = (cred->cr_uid & RPC_CREDCACHE_MASK);
        q = &auth->au_credcache[nr];
        while ((cr = *q) != NULL) {
                if (cred == cr) {
diff -u --recursive --new-file linux-2.2.18pre15/net/sunrpc/auth_null.c 
linux-2.2.18pre15_fixed/net/sunrpc/auth_null.c
--- linux-2.2.18pre15/net/sunrpc/auth_null.c    Fri Oct 13 11:00:34 2000
+++ linux-2.2.18pre15_fixed/net/sunrpc/auth_null.c      Fri Oct 13 11:02:32 2000
@@ -54,6 +54,7 @@
                return NULL;
        cred->cr_count = 0;
        cred->cr_flags = RPCAUTH_CRED_UPTODATE;
+       cred->cr_uid = current->uid;
 
        return cred;
 }
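Review bot: The added assignment always stores `current->uid`, whereas the lookup hunk in net/sunrpc/auth.c leaves `nr` at 0 when `RPC_TASK_ROOTCREDS` is set. If this constructor is also reached for such tasks (its signature and callers are outside the hunk), the cred would be linked under `current->uid & RPC_CREDCACHE_MASK` but searched for in bucket 0, which would presumably cause repeated cache misses rather than memory corruption. If the task flags are available here, something like `cred->cr_uid = (flags & RPC_TASK_ROOTCREDS) ? 0 : current->uid;` would keep both sides consistent, where `flags` stands for whatever the parameter is actually called. In either case a short comment that `cr_uid` is the credcache hash key and must be initialised before insertion would document why this line exists.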