p = simple_get_bytes(p, end, &ctx->initiate, sizeof(ctx->initiate));
if (IS_ERR(p))
goto out_err_free_ctx;
- p = simple_get_bytes(p, end, &ctx->seed_init, sizeof(ctx->seed_init));
- if (IS_ERR(p))
- goto out_err_free_ctx;
- p = simple_get_bytes(p, end, ctx->seed, sizeof(ctx->seed));
- if (IS_ERR(p))
+ /* The downcall format was designed before we completely understood
+ * the uses of the context fields; so it includes some stuff we
+ * just give some minimal sanity-checking, and some we ignore
+ * completely (like the next twenty bytes): */
+ if (unlikely(p + 20 > end || p + 20 < p))
goto out_err_free_ctx;
+ p += 20;
p = simple_get_bytes(p, end, &tmp, sizeof(tmp));
if (IS_ERR(p))
goto out_err_free_ctx;
- if (tmp != SGN_ALG_DES_MAC_MD5)
+ if (tmp != SGN_ALG_DES_MAC_MD5) {
+ p = ERR_PTR(-ENOSYS);
goto out_err_free_ctx;
+ }
p = simple_get_bytes(p, end, &tmp, sizeof(tmp));
if (IS_ERR(p))
goto out_err_free_ctx;
- if (tmp != SEAL_ALG_DES)
+ if (tmp != SEAL_ALG_DES) {
+ p = ERR_PTR(-ENOSYS);
goto out_err_free_ctx;
+ }
p = simple_get_bytes(p, end, &ctx->endtime, sizeof(ctx->endtime));
if (IS_ERR(p))
goto out_err_free_ctx;
}
ctx_id->internal_ctx_id = ctx;
- dprintk("RPC: Successfully imported new context.\n");
+
+ dprintk("RPC: Successfully imported new context.\n");
return 0;
out_err_free_key2:
kfree(kctx);
}
-static struct gss_api_ops gss_kerberos_ops = {
+static const struct gss_api_ops gss_kerberos_ops = {
.gss_import_sec_context = gss_import_sec_context_kerberos,
.gss_get_mic = gss_get_mic_kerberos,
.gss_verify_mic = gss_verify_mic_kerberos,
static struct gss_api_mech gss_kerberos_mech = {
.gm_name = "krb5",
.gm_owner = THIS_MODULE,
+ .gm_oid = {9, (void *)"\x2a\x86\x48\x86\xf7\x12\x01\x02\x02"},
.gm_ops = &gss_kerberos_ops,
.gm_pf_num = ARRAY_SIZE(gss_kerberos_pfs),
.gm_pfs = gss_kerberos_pfs,
projects / linux-2.6 / blobdiff