git.baikalelectronics.ru Git - kernel.git/commit

author	Jeff Layton <jlayton@redhat.com>
	Wed, 6 Feb 2013 13:28:55 +0000 (08:28 -0500)
committer	J. Bruce Fields <bfields@redhat.com>
	Fri, 8 Feb 2013 20:19:10 +0000 (15:19 -0500)
commit	aa449e3bfc0220cf8539213f255cf503028607e3
tree	fbb813220a57f4c8fbc110b933ff3698e67ec75d	tree \| snapshot
parent	10d98ab43e3092f0edea53b97b8cfbb818b03510	commit \| diff

sunrpc: trim off trailing checksum before returning decrypted or integrity authenticated buffer

When GSSAPI integrity signatures are in use, or when we're using GSSAPI
privacy with the v2 token format, there is a trailing checksum on the
xdr_buf that is returned.

It's checked during the authentication stage, and afterward nothing
cares about it. Ordinarily, it's not a problem since the XDR code
generally ignores it, but it will be when we try to compute a checksum
over the buffer to help prevent XID collisions in the duplicate reply
cache.

Fix the code to trim off the checksums after verifying them. Note that
in unwrap_integ_data, we must avoid trying to reverify the checksum if
the request was deferred since it will no longer be present when it's
revisited.

Signed-off-by: Jeff Layton <jlayton@redhat.com>

include/linux/sunrpc/xdr.h		diff \| blob \| history
net/sunrpc/auth_gss/gss_krb5_wrap.c		diff \| blob \| history
net/sunrpc/auth_gss/svcauth_gss.c		diff \| blob \| history
net/sunrpc/xdr.c		diff \| blob \| history