nfsd: fix unlikely NULL deref in mach_creds_match

We really shouldn't allow a client to be created with cl_mach_cred set
unless it also has a principal name.

This also allows us to fail such cases immediately on EXCHANGE_ID as
opposed to waiting and incorrectly returning WRONG_CRED on the following
CREATE_SESSION.

Signed-off-by: J. Bruce Fields <bfields@redhat.com>
This commit is contained in:
J. Bruce Fields 2015-11-20 16:42:40 -05:00
parent 50c7b948ad
commit 920dd9bb7d
1 changed files with 9 additions and 0 deletions

View File

@ -2385,6 +2385,15 @@ nfsd4_exchange_id(struct svc_rqst *rqstp,
status = nfserr_inval;
goto out_nolock;
}
/*
* Sometimes userspace doesn't give us a principal.
* Which is a bug, really. Anyway, we can't enforce
* MACH_CRED in that case, better to give up now:
*/
if (!new->cl_cred.cr_principal) {
status = nfserr_serverfault;
goto out_nolock;
}
new->cl_mach_cred = true;
case SP4_NONE:
break;