sunrpc: return error if unsupported enctype or cksumtype is encountered

Return an error from gss_import_sec_context_kerberos if the
negotiated context contains encryption or checksum types not
supported by the kernel code.

This fixes an Oops because success was assumed and later code found
no internal_ctx_id.

Signed-off-by: Kevin Coffman <kwc@citi.umich.edu>
Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>

diff --git a/net/sunrpc/auth_gss/gss_krb5_mech.c b/net/sunrpc/auth_gss/gss_krb5_mech.c
index 9843eacef11dc47bd8fdf11b6bf1a492ac70cd16..60c3dba545d7c8287cc17a00251e7fe43dad9e27 100644 (file)
--- a/net/sunrpc/auth_gss/gss_krb5_mech.c
+++ b/net/sunrpc/auth_gss/gss_krb5_mech.c
@@ -147,13 +147,17 @@ gss_import_sec_context_kerberos(const void *p,
        p = simple_get_bytes(p, end, &tmp, sizeof(tmp));
        if (IS_ERR(p))
                goto out_err_free_ctx;
-       if (tmp != SGN_ALG_DES_MAC_MD5)
+       if (tmp != SGN_ALG_DES_MAC_MD5) {
+               p = ERR_PTR(-ENOSYS);
                goto out_err_free_ctx;
+       }
        p = simple_get_bytes(p, end, &tmp, sizeof(tmp));
        if (IS_ERR(p))
                goto out_err_free_ctx;
-       if (tmp != SEAL_ALG_DES)
+       if (tmp != SEAL_ALG_DES) {
+               p = ERR_PTR(-ENOSYS);
                goto out_err_free_ctx;
+       }
        p = simple_get_bytes(p, end, &ctx->endtime, sizeof(ctx->endtime));
        if (IS_ERR(p))
                goto out_err_free_ctx;

diff --git a/net/sunrpc/auth_gss/gss_krb5_seal.c b/net/sunrpc/auth_gss/gss_krb5_seal.c
index 1c6eda5077c16683051a847fe0892dd253eb884e..dedcbd6108f4272e76c3cf2f7fac4c82d85e856f 100644 (file)
--- a/net/sunrpc/auth_gss/gss_krb5_seal.c
+++ b/net/sunrpc/auth_gss/gss_krb5_seal.c
@@ -83,6 +83,7 @@ gss_get_mic_kerberos(struct gss_ctx *gss_ctx, struct xdr_buf *text,
        u32                     seq_send;
 
        dprintk("RPC:       gss_krb5_seal\n");
+       BUG_ON(ctx == NULL);
 
        now = get_seconds();