SUNRPC: Use xdr_stream to encode Reply verifier in svcauth_null_accept()
authorChuck Lever <chuck.lever@oracle.com>
Sun, 8 Jan 2023 16:29:57 +0000 (11:29 -0500)
committerChuck Lever <chuck.lever@oracle.com>
Mon, 20 Feb 2023 14:20:28 +0000 (09:20 -0500)
Done as part of hardening the server-side RPC header encoding path.

Reviewed-by: Jeff Layton <jlayton@kernel.org>
Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
net/sunrpc/svcauth_unix.c

index 6281d23f98bffa94b56c48f5f8ba7e9a60eeada1..b24d6c75588fcff90e83ba31f3c86516cee012a2 100644 (file)
@@ -744,7 +744,6 @@ EXPORT_SYMBOL_GPL(svcauth_unix_set_client);
 static int
 svcauth_null_accept(struct svc_rqst *rqstp)
 {
-       struct kvec     *resv = &rqstp->rq_res.head[0];
        struct xdr_stream *xdr = &rqstp->rq_arg_stream;
        struct svc_cred *cred = &rqstp->rq_cred;
        u32 flavor, len;
@@ -773,12 +772,12 @@ svcauth_null_accept(struct svc_rqst *rqstp)
        if (cred->cr_group_info == NULL)
                return SVC_CLOSE; /* kmalloc failure - client must retry */
 
-       /* Put NULL verifier */
-       svc_putnl(resv, RPC_AUTH_NULL);
-       svc_putnl(resv, 0);
+       svcxdr_init_encode(rqstp);
+       if (xdr_stream_encode_opaque_auth(&rqstp->rq_res_stream,
+                                         RPC_AUTH_NULL, NULL, 0) < 0)
+               return SVC_CLOSE;
 
        rqstp->rq_cred.cr_flavor = RPC_AUTH_NULL;
-       svcxdr_init_encode(rqstp);
        return SVC_OK;
 }