nfsd4: fix null dereference creating nfsv4 callback client
authorJ. Bruce Fields <bfields@citi.umich.edu>
Tue, 15 Sep 2009 16:22:42 +0000 (12:22 -0400)
committerJ. Bruce Fields <bfields@citi.umich.edu>
Wed, 16 Sep 2009 00:49:33 +0000 (20:49 -0400)
On setting up the callback to the client, we attempt to use the same
authentication flavor the client did.  We find an rpc cred to use by
calling rpcauth_lookup_credcache(), which assumes that the given
authentication flavor has a credentials cache.  However, this is not
required to be true--in particular, auth_null does not use one.
Instead, we should call the auth's lookup_cred() method.

Without this, a client attempting to mount using nfsv4 and auth_null
triggers a null dereference.

Cc: stable@kernel.org
Signed-off-by: J. Bruce Fields <bfields@citi.umich.edu>
fs/nfsd/nfs4callback.c

index 63bb384b4d5ce26ae3a850acc45cfee274c019d2..4abb88264c72ff4a2d0605f5d6f37506ed706aef 100644 (file)
@@ -437,6 +437,7 @@ static struct rpc_cred *lookup_cb_cred(struct nfs4_cb_conn *cb)
        struct auth_cred acred = {
                .machine_cred = 1
        };
+       struct rpc_auth *auth = cb->cb_client->cl_auth;
 
        /*
         * Note in the gss case this doesn't actually have to wait for a
@@ -444,8 +445,7 @@ static struct rpc_cred *lookup_cb_cred(struct nfs4_cb_conn *cb)
         * non-uptodate cred which the rpc state machine will fill in with
         * a refresh_upcall later.
         */
-       return rpcauth_lookup_credcache(cb->cb_client->cl_auth, &acred,
-                                                       RPCAUTH_LOOKUP_NEW);
+       return auth->au_ops->lookup_cred(auth, &acred, RPCAUTH_LOOKUP_NEW);
 }
 
 void do_probe_callback(struct nfs4_client *clp)