q = (const void *)((const char *)p + len);
if (unlikely(q > end || q < p))
return ERR_PTR(-EFAULT);
- res->data = kmalloc(len, GFP_KERNEL);
+ res->data = kmemdup(p, len, GFP_KERNEL);
if (unlikely(res->data == NULL))
return ERR_PTR(-ENOMEM);
- memcpy(res->data, p, len);
res->len = len;
return q;
}
{
const void *end = (const void *)((const char *)p + len);
struct krb5_ctx *ctx;
+ int tmp;
if (!(ctx = kzalloc(sizeof(*ctx), GFP_KERNEL)))
goto out_err;
p = simple_get_bytes(p, end, &ctx->initiate, sizeof(ctx->initiate));
if (IS_ERR(p))
goto out_err_free_ctx;
- p = simple_get_bytes(p, end, &ctx->seed_init, sizeof(ctx->seed_init));
- if (IS_ERR(p))
+ /* The downcall format was designed before we completely understood
+ * the uses of the context fields; so it includes some stuff we
+ * just give some minimal sanity-checking, and some we ignore
+ * completely (like the next twenty bytes): */
+ if (unlikely(p + 20 > end || p + 20 < p))
goto out_err_free_ctx;
- p = simple_get_bytes(p, end, ctx->seed, sizeof(ctx->seed));
+ p += 20;
+ p = simple_get_bytes(p, end, &tmp, sizeof(tmp));
if (IS_ERR(p))
goto out_err_free_ctx;
- p = simple_get_bytes(p, end, &ctx->signalg, sizeof(ctx->signalg));
- if (IS_ERR(p))
+ if (tmp != SGN_ALG_DES_MAC_MD5) {
+ p = ERR_PTR(-ENOSYS);
goto out_err_free_ctx;
- p = simple_get_bytes(p, end, &ctx->sealalg, sizeof(ctx->sealalg));
+ }
+ p = simple_get_bytes(p, end, &tmp, sizeof(tmp));
if (IS_ERR(p))
goto out_err_free_ctx;
+ if (tmp != SEAL_ALG_DES) {
+ p = ERR_PTR(-ENOSYS);
+ goto out_err_free_ctx;
+ }
p = simple_get_bytes(p, end, &ctx->endtime, sizeof(ctx->endtime));
if (IS_ERR(p))
goto out_err_free_ctx;
}
ctx_id->internal_ctx_id = ctx;
- dprintk("RPC: Successfully imported new context.\n");
+
+ dprintk("RPC: Successfully imported new context.\n");
return 0;
out_err_free_key2:
kfree(kctx);
}
-static struct gss_api_ops gss_kerberos_ops = {
+static const struct gss_api_ops gss_kerberos_ops = {
.gss_import_sec_context = gss_import_sec_context_kerberos,
.gss_get_mic = gss_get_mic_kerberos,
.gss_verify_mic = gss_verify_mic_kerberos,
static struct gss_api_mech gss_kerberos_mech = {
.gm_name = "krb5",
.gm_owner = THIS_MODULE,
+ .gm_oid = {9, (void *)"\x2a\x86\x48\x86\xf7\x12\x01\x02\x02"},
.gm_ops = &gss_kerberos_ops,
.gm_pf_num = ARRAY_SIZE(gss_kerberos_pfs),
.gm_pfs = gss_kerberos_pfs,