1 From c0cb8bf3a8e4bd82e640862cdd8891400405cb89 Mon Sep 17 00:00:00 2001
2 From: =?UTF-8?q?Tom=C3=A1=C5=A1=20Trnka?= <ttrnka@mail.muni.cz>
3 Date: Fri, 20 May 2016 16:41:10 +0200
4 Subject: sunrpc: fix stripping of padded MIC tokens
6 Content-Type: text/plain; charset=UTF-8
7 Content-Transfer-Encoding: 8bit
9 From: Tomáš Trnka <ttrnka@mail.muni.cz>
11 commit c0cb8bf3a8e4bd82e640862cdd8891400405cb89 upstream.
13 The length of the GSS MIC token need not be a multiple of four bytes.
14 It is then padded by XDR to a multiple of 4 B, but unwrap_integ_data()
15 would previously only trim mic.len + 4 B. The remaining up to three
16 bytes would then trigger a check in nfs4svc_decode_compoundargs(),
17 leading to a "garbage args" error and mount failure:
19 nfs4svc_decode_compoundargs: compound not properly padded!
20 nfsd: failed to decode arguments!
22 This would prevent older clients using the pre-RFC 4121 MIC format
23 (37-byte MIC including a 9-byte OID) from mounting exports from v3.9+
26 The trimming was introduced by commit 4c190e2f913f ("sunrpc: trim off
27 trailing checksum before returning decrypted or integrity authenticated
30 Fixes: 4c190e2f913f "unrpc: trim off trailing checksum..."
31 Signed-off-by: Tomáš Trnka <ttrnka@mail.muni.cz>
32 Acked-by: Jeff Layton <jlayton@poochiereds.net>
33 Signed-off-by: J. Bruce Fields <bfields@redhat.com>
34 Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
37 net/sunrpc/auth_gss/svcauth_gss.c | 4 ++--
38 1 file changed, 2 insertions(+), 2 deletions(-)
40 --- a/net/sunrpc/auth_gss/svcauth_gss.c
41 +++ b/net/sunrpc/auth_gss/svcauth_gss.c
42 @@ -857,8 +857,8 @@ unwrap_integ_data(struct svc_rqst *rqstp
44 if (svc_getnl(&buf->head[0]) != seq)
46 - /* trim off the mic at the end before returning */
47 - xdr_buf_trim(buf, mic.len + 4);
48 + /* trim off the mic and padding at the end before returning */
49 + xdr_buf_trim(buf, round_up_to_quad(mic.len) + 4);
projects / thirdparty / kernel / stable-queue.git / blob