Author: gnn
Date: Thu Apr  4 15:16:53 2013
New Revision: 249096
URL: http://svnweb.freebsd.org/changeset/base/249096

Log:
  Improve error handling when unwrapping received data.
  
  Submitted by: Rick Macklem
  MFC after:    1 week

Modified:
  head/sys/rpc/rpcsec_gss/rpcsec_gss_prot.c

Modified: head/sys/rpc/rpcsec_gss/rpcsec_gss_prot.c
==============================================================================
--- head/sys/rpc/rpcsec_gss/rpcsec_gss_prot.c   Thu Apr  4 15:03:12 2013        
(r249095)
+++ head/sys/rpc/rpcsec_gss/rpcsec_gss_prot.c   Thu Apr  4 15:16:53 2013        
(r249096)
@@ -208,6 +208,8 @@ m_trim(struct mbuf *m, int len)
        struct mbuf *n;
        int off;
 
+       if (m == NULL)
+               return;
        n = m_getptr(m, len, &off);
        if (n) {
                n->m_len = off;
@@ -251,10 +253,19 @@ xdr_rpc_gss_unwrap_data(struct mbuf **re
                 * Extract the MIC and make it contiguous.
                 */
                cklen = get_uint32(&results);
+               if (!results) {
+                       m_freem(message);
+                       return (FALSE);
+               }
                KASSERT(cklen <= MHLEN, ("unexpected large GSS-API checksum"));
                mic = results;
-               if (cklen > mic->m_len)
+               if (cklen > mic->m_len) {
                        mic = m_pullup(mic, cklen);
+                       if (!mic) {
+                               m_freem(message);
+                               return (FALSE);
+                       }
+               }
                if (cklen != RNDUP(cklen))
                        m_trim(mic, cklen);
 
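Review bot: The `KASSERT(cklen <= MHLEN, ...)` left between the two new checks is applied to a length that `get_uint32(&results)` has just read from the received message. A peer-supplied oversized checksum length would therefore panic a kernel built with INVARIANTS, and is not bounded by this line at all on other kernels. Since the commit is about failing the unwrap cleanly, the bound would fit better as a runtime test, for example `if (cklen > MHLEN) { m_freem(results); m_freem(message); return (FALSE); }`. That assumes both chains are still owned by this function at that point; the body of xdr_rpc_gss_unwrap_data starts and ends outside the hunk, so confirm ownership of `results` there.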
@@ -272,6 +283,8 @@ xdr_rpc_gss_unwrap_data(struct mbuf **re
        } else if (svc == rpc_gss_svc_privacy) {
                /* Decode databody_priv. */
                len = get_uint32(&results);
+               if (!results)
+                       return (FALSE);
 
                /* Decrypt databody. */
                message = results;
@@ -294,6 +307,8 @@ xdr_rpc_gss_unwrap_data(struct mbuf **re
 
        /* Decode rpc_gss_data_t (sequence number + arguments). */
        seq_num = get_uint32(&message);
+       if (!message)
+               return (FALSE);
        
        /* Verify sequence number. */
        if (seq_num != seq) {