patch-2.3.99-pre7 linux/net/sunrpc/svcauth.c

Next file: linux/net/unix/af_unix.c
Previous file: linux/net/sunrpc/sched.c
Back to the patch index
Back to the overall index

diff -u --recursive --new-file v2.3.99-pre6/linux/net/sunrpc/svcauth.c linux/net/sunrpc/svcauth.c
@@ -4,6 +4,9 @@
  * The generic interface for RPC authentication on the server side.
  * 
  * Copyright (C) 1995, 1996 Olaf Kirch <okir@monad.swb.de>
+ *
+ * CHANGES
+ * 19-Apr-2000 Chris Evans      - Security fix
  */
 
 #include <linux/types.h>
@@ -116,8 +119,8 @@
 	struct svc_buf	*argp = &rqstp->rq_argbuf;
 	struct svc_buf	*resp = &rqstp->rq_resbuf;
 	struct svc_cred	*cred = &rqstp->rq_cred;
-	u32		*bufp = argp->buf;
-	int		len   = argp->len, slen, i;
+	u32		*bufp = argp->buf, slen, i;
+	int		len   = argp->len;
 
 	if ((len -= 3) < 0) {
 		*statp = rpc_garbage_args;
@@ -127,7 +130,7 @@
 	bufp++;					/* length */
 	bufp++;					/* time stamp */
 	slen = (ntohl(*bufp++) + 3) >> 2;	/* machname length */
-	if (slen > 64 || (len -= slen) < 0)
+	if (slen > 64 || (len -= slen + 3) < 0)
 		goto badcred;
 	bufp += slen;				/* skip machname */
FUNET's LINUX-ADM group, linux-adm@nic.funet.fi
TCL-scripts by Sam Shen (who was at: slshen@lbl.gov)