Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git

nfsd4: fix null dereference creating nfsv4 callback client

On setting up the callback to the client, we attempt to use the same
authentication flavor the client did. We find an rpc cred to use by
calling rpcauth_lookup_credcache(), which assumes that the given
authentication flavor has a credentials cache. However, this is not
required to be true--in particular, auth_null does not use one.
Instead, we should call the auth's lookup_cred() method.

Without this, a client attempting to mount using nfsv4 and auth_null
triggers a null dereference.

Cc: stable@kernel.org
Signed-off-by: J. Bruce Fields <bfields@citi.umich.edu>

+2 -2
fs/nfsd/nfs4callback.c
··· 437 437 struct auth_cred acred = { 438 438 .machine_cred = 1 439 439 }; 440 + struct rpc_auth *auth = cb->cb_client->cl_auth; 440 441 441 442 /* 442 443 * Note in the gss case this doesn't actually have to wait for a ··· 445 444 * non-uptodate cred which the rpc state machine will fill in with 446 445 * a refresh_upcall later. 447 446 */ 448 - return rpcauth_lookup_credcache(cb->cb_client->cl_auth, &acred, 449 - RPCAUTH_LOOKUP_NEW); 447 + return auth->au_ops->lookup_cred(auth, &acred, RPCAUTH_LOOKUP_NEW); 450 448 } 451 449 452 450 void do_probe_callback(struct nfs4_client *clp)
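Review bot: The new return statement calls auth->au_ops->lookup_cred(auth, &acred, RPCAUTH_LOOKUP_NEW) with no check in the visible lines that cb->cb_client->cl_auth, its au_ops, or the lookup_cred pointer is non-NULL. Since this change fixes a NULL dereference in this same function, it would help to state in the comment that every authentication flavor is expected to provide lookup_cred, or to add an explicit check before the indirect call. The retained comment above the return still describes only the gss case; a sentence noting that auth_null has no credential cache, which is why the flavor's own lookup_cred() is used instead of rpcauth_lookup_credcache(), would keep a later cleanup from reverting to the cache lookup. It is also worth confirming that passing RPCAUTH_LOOKUP_NEW is handled sensibly by flavors without a credential cache.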