diff options
author | J. Bruce Fields <bfields@redhat.com> | 2013-04-29 18:21:29 -0400 |
---|---|---|
committer | J. Bruce Fields <bfields@redhat.com> | 2013-04-29 18:21:29 -0400 |
commit | d28fcc830c2eadc526e43b0a5f6d2ed04e7421ef (patch) | |
tree | af8c781e8060011a688edb0e42f3c687389d32e1 | |
parent | 6278b62aa8f90c668a4e4b94ad9d3952cf4331b7 (diff) |
svcrpc: fix gss-proxy to respect user namespaces
Signed-off-by: J. Bruce Fields <bfields@redhat.com>
-rw-r--r-- | net/sunrpc/auth_gss/gss_rpc_xdr.c | 20 |
1 files changed, 13 insertions, 7 deletions
diff --git a/net/sunrpc/auth_gss/gss_rpc_xdr.c b/net/sunrpc/auth_gss/gss_rpc_xdr.c index d0ccdffa7e54..5c4c61d527e2 100644 --- a/net/sunrpc/auth_gss/gss_rpc_xdr.c +++ b/net/sunrpc/auth_gss/gss_rpc_xdr.c @@ -216,13 +216,13 @@ static int gssx_dec_linux_creds(struct xdr_stream *xdr, err = get_s32(&q, end, &tmp); if (err) return err; - creds->cr_uid = tmp; + creds->cr_uid = make_kuid(&init_user_ns, tmp); /* gid */ err = get_s32(&q, end, &tmp); if (err) return err; - creds->cr_gid = tmp; + creds->cr_gid = make_kgid(&init_user_ns, tmp); /* number of additional gid's */ err = get_s32(&q, end, &tmp); @@ -235,15 +235,21 @@ static int gssx_dec_linux_creds(struct xdr_stream *xdr, /* gid's */ for (i = 0; i < N; i++) { + kgid_t kgid; err = get_s32(&q, end, &tmp); - if (err) { - groups_free(creds->cr_group_info); - return err; - } - GROUP_AT(creds->cr_group_info, i) = tmp; + if (err) + goto out_free_groups; + err = -EINVAL; + kgid = make_kgid(&init_user_ns, tmp); + if (!gid_valid(kgid)) + goto out_free_groups; + GROUP_AT(creds->cr_group_info, i) = kgid; } return 0; +out_free_groups: + groups_free(creds->cr_group_info); + return err; } static int gssx_dec_option_array(struct xdr_stream *xdr, |