| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <1496909977.929.193.camel@redhat.com>
Date: Thu, 08 Jun 2017 04:19:37 -0400
From: Simo Sorce <simo@...hat.com>
To: Willy Tarreau <w@....eu>, linux-kernel@...r.kernel.org,
stable@...r.kernel.org, linux@...ck-us.net
Cc: "J. Bruce Fields" <bfields@...hat.com>
Subject: Re: [PATCH 3.10 112/250] svcrpc: fix oops in absence of krb5 module
On Thu, 2017-06-08 at 00:58 +0200, Willy Tarreau wrote:
> From: "J. Bruce Fields" <bfields@...hat.com>
>
> commit 034dd34ff4916ec1f8f74e39ca3efb04eab2f791 upstream.
>
> Olga Kornievskaia says: "I ran into this oops in the nfsd (below)
> (4.10-rc3 kernel). To trigger this I had a client (unsuccessfully)
> try
> to mount the server with krb5 where the server doesn't have the
> rpcsec_gss_krb5 module built."
>
> The problem is that rsci.cred is copied from a svc_cred structure
> that
> gss_proxy didn't properly initialize. Fix that.
Nice catch!
Ack.
Simo.
> [120408.542387] general protection fault: 0000 [#1] SMP
> ...
> [120408.565724] CPU: 0 PID: 3601 Comm: nfsd Not tainted 4.10.0-rc3+
> #16
> [120408.567037] Hardware name: VMware, Inc. VMware Virtual =
> Platform/440BX Desktop Reference Platform, BIOS 6.00 07/02/2015
> [120408.569225] task: ffff8800776f95c0 task.stack: ffffc90003d58000
> [120408.570483] RIP: 0010:gss_mech_put+0xb/0x20 [auth_rpcgss]
> ...
> [120408.584946] ? rsc_free+0x55/0x90 [auth_rpcgss]
> [120408.585901] gss_proxy_save_rsc+0xb2/0x2a0 [auth_rpcgss]
> [120408.587017] svcauth_gss_proxy_init+0x3cc/0x520 [auth_rpcgss]
> [120408.588257] ? __enqueue_entity+0x6c/0x70
> [120408.589101] svcauth_gss_accept+0x391/0xb90 [auth_rpcgss]
> [120408.590212] ? try_to_wake_up+0x4a/0x360
> [120408.591036] ? wake_up_process+0x15/0x20
> [120408.592093] ? svc_xprt_do_enqueue+0x12e/0x2d0 [sunrpc]
> [120408.593177] svc_authenticate+0xe1/0x100 [sunrpc]
> [120408.594168] svc_process_common+0x203/0x710 [sunrpc]
> [120408.595220] svc_process+0x105/0x1c0 [sunrpc]
> [120408.596278] nfsd+0xe9/0x160 [nfsd]
> [120408.597060] kthread+0x101/0x140
> [120408.597734] ? nfsd_destroy+0x60/0x60 [nfsd]
> [120408.598626] ? kthread_park+0x90/0x90
> [120408.599448] ret_from_fork+0x22/0x30
>
> Fixes: 1d658336b05f "SUNRPC: Add RPC based upcall mechanism for
> RPCGSS auth"
> Cc: Simo Sorce <simo@...hat.com>
> Reported-by: Olga Kornievskaia <kolga@...app.com>
> Tested-by: Olga Kornievskaia <kolga@...app.com>
> Signed-off-by: J. Bruce Fields <bfields@...hat.com>
> Signed-off-by: Willy Tarreau <w@....eu>
> ---
> net/sunrpc/auth_gss/gss_rpc_xdr.c | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/net/sunrpc/auth_gss/gss_rpc_xdr.c
> b/net/sunrpc/auth_gss/gss_rpc_xdr.c
> index e0062c5..a9ca705 100644
> --- a/net/sunrpc/auth_gss/gss_rpc_xdr.c
> +++ b/net/sunrpc/auth_gss/gss_rpc_xdr.c
> @@ -260,7 +260,7 @@ static int gssx_dec_option_array(struct
> xdr_stream *xdr,
> if (!oa->data)
> return -ENOMEM;
>
> - creds = kmalloc(sizeof(struct svc_cred), GFP_KERNEL);
> + creds = kzalloc(sizeof(struct svc_cred), GFP_KERNEL);
> if (!creds) {
> kfree(oa->data);
> return -ENOMEM;
Powered by blists - more mailing lists