SUNRPC,RPCSEC_GSS: remove unnecessary kmalloc of a checksum
authorJ. Bruce Fields <bfields@fieldses.org>
Tue, 21 Mar 2006 04:23:11 +0000 (23:23 -0500)
committerTrond Myklebust <Trond.Myklebust@netapp.com>
Tue, 21 Mar 2006 04:23:11 +0000 (23:23 -0500)
Remove unnecessary kmalloc of temporary space to hold the md5 result; it's
small enough to just put on the stack.

This code may be called to process rpc's necessary to perform writes, so
there's a potential deadlock whenever we kmalloc() here.  After this a
couple kmalloc()'s still remain, to be removed soon.

This also fixes a rare double-free on error noticed by coverity.

Signed-off-by: J. Bruce Fields <bfields@citi.umich.edu>
Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
net/sunrpc/auth_gss/gss_krb5_seal.c
net/sunrpc/auth_gss/gss_krb5_unseal.c
net/sunrpc/auth_gss/gss_krb5_wrap.c
net/sunrpc/auth_gss/gss_spkm3_seal.c
net/sunrpc/auth_gss/gss_spkm3_unseal.c

index d0dfdfd5e79efa926140d23e10ecba89e16cc381..58f9721980e2f7836887af5ea4cac3a1b656d8be 100644 (file)
@@ -76,7 +76,8 @@ gss_get_mic_kerberos(struct gss_ctx *gss_ctx, struct xdr_buf *text,
 {
        struct krb5_ctx         *ctx = gss_ctx->internal_ctx_id;
        s32                     checksum_type;
-       struct xdr_netobj       md5cksum = {.len = 0, .data = NULL};
+       char                    cksumdata[16];
+       struct xdr_netobj       md5cksum = {.len = 0, .data = cksumdata};
        unsigned char           *ptr, *krb5_hdr, *msg_start;
        s32                     now;
 
@@ -133,8 +134,6 @@ gss_get_mic_kerberos(struct gss_ctx *gss_ctx, struct xdr_buf *text,
                BUG();
        }
 
-       kfree(md5cksum.data);
-
        if ((krb5_make_seq_num(ctx->seq, ctx->initiate ? 0 : 0xff,
                               ctx->seq_send, krb5_hdr + 16, krb5_hdr + 8)))
                goto out_err;
@@ -143,6 +142,5 @@ gss_get_mic_kerberos(struct gss_ctx *gss_ctx, struct xdr_buf *text,
 
        return ((ctx->endtime < now) ? GSS_S_CONTEXT_EXPIRED : GSS_S_COMPLETE);
 out_err:
-       kfree(md5cksum.data);
        return GSS_S_FAILURE;
 }
index db055fd7d7789c22ef62e4e8faab7ebac7cafebd..0828cf64100f977d241dac71d393a0148aa8f09a 100644 (file)
@@ -79,7 +79,8 @@ gss_verify_mic_kerberos(struct gss_ctx *gss_ctx,
        int                     signalg;
        int                     sealalg;
        s32                     checksum_type;
-       struct xdr_netobj       md5cksum = {.len = 0, .data = NULL};
+       char                    cksumdata[16];
+       struct xdr_netobj       md5cksum = {.len = 0, .data = cksumdata};
        s32                     now;
        int                     direction;
        s32                     seqnum;
@@ -176,6 +177,5 @@ gss_verify_mic_kerberos(struct gss_ctx *gss_ctx,
 
        ret = GSS_S_COMPLETE;
 out:
-       kfree(md5cksum.data);
        return ret;
 }
index af777cf9f2510f7a3780cfcfac6375b21ea61688..346133e446cb7397b25e0fc375766ee21005e037 100644 (file)
@@ -121,7 +121,8 @@ gss_wrap_kerberos(struct gss_ctx *ctx, int offset,
 {
        struct krb5_ctx         *kctx = ctx->internal_ctx_id;
        s32                     checksum_type;
-       struct xdr_netobj       md5cksum = {.len = 0, .data = NULL};
+       char                    cksumdata[16];
+       struct xdr_netobj       md5cksum = {.len = 0, .data = cksumdata};
        int                     blocksize = 0, plainlen;
        unsigned char           *ptr, *krb5_hdr, *msg_start;
        s32                     now;
@@ -205,8 +206,6 @@ gss_wrap_kerberos(struct gss_ctx *ctx, int offset,
                BUG();
        }
 
-       kfree(md5cksum.data);
-
        /* XXX would probably be more efficient to compute checksum
         * and encrypt at the same time: */
        if ((krb5_make_seq_num(kctx->seq, kctx->initiate ? 0 : 0xff,
@@ -221,7 +220,6 @@ gss_wrap_kerberos(struct gss_ctx *ctx, int offset,
 
        return ((kctx->endtime < now) ? GSS_S_CONTEXT_EXPIRED : GSS_S_COMPLETE);
 out_err:
-       if (md5cksum.data) kfree(md5cksum.data);
        return GSS_S_FAILURE;
 }
 
@@ -232,7 +230,8 @@ gss_unwrap_kerberos(struct gss_ctx *ctx, int offset, struct xdr_buf *buf)
        int                     signalg;
        int                     sealalg;
        s32                     checksum_type;
-       struct xdr_netobj       md5cksum = {.len = 0, .data = NULL};
+       char                    cksumdata[16];
+       struct xdr_netobj       md5cksum = {.len = 0, .data = cksumdata};
        s32                     now;
        int                     direction;
        s32                     seqnum;
@@ -358,6 +357,5 @@ gss_unwrap_kerberos(struct gss_ctx *ctx, int offset, struct xdr_buf *buf)
 
        ret = GSS_S_COMPLETE;
 out:
-       if (md5cksum.data) kfree(md5cksum.data);
        return ret;
 }
index 86fbf7c3e39ca0e96fd7b31f17bceb9f068b1ce8..18c7862bc234a989c14e26bee79212de3f2a63fc 100644 (file)
@@ -57,7 +57,8 @@ spkm3_make_token(struct spkm3_ctx *ctx,
 {
        s32                     checksum_type;
        char                    tokhdrbuf[25];
-       struct xdr_netobj       md5cksum = {.len = 0, .data = NULL};
+       char                    cksumdata[16];
+       struct xdr_netobj       md5cksum = {.len = 0, .data = cksumdata};
        struct xdr_netobj       mic_hdr = {.len = 0, .data = tokhdrbuf};
        int                     tokenlen = 0;
        unsigned char           *ptr;
@@ -115,13 +116,11 @@ spkm3_make_token(struct spkm3_ctx *ctx,
                dprintk("RPC: gss_spkm3_seal: SPKM_WRAP_TOK not supported\n");
                goto out_err;
        }
-       kfree(md5cksum.data);
 
        /* XXX need to implement sequence numbers, and ctx->expired */
 
        return  GSS_S_COMPLETE;
 out_err:
-       kfree(md5cksum.data);
        token->data = NULL;
        token->len = 0;
        return GSS_S_FAILURE;
index 96851b0ba1bab7758a55704d845a027f9b4e8c8f..8537f581ef9b904f7abe5d821a6dcc7da1a41dec 100644 (file)
@@ -56,7 +56,8 @@ spkm3_read_token(struct spkm3_ctx *ctx,
 {
        s32                     code;
        struct xdr_netobj       wire_cksum = {.len =0, .data = NULL};
-       struct xdr_netobj       md5cksum = {.len = 0, .data = NULL};
+       char                    cksumdata[16];
+       struct xdr_netobj       md5cksum = {.len = 0, .data = cksumdata};
        unsigned char           *ptr = (unsigned char *)read_token->data;
        unsigned char           *cksum;
        int                     bodysize, md5elen;
@@ -120,7 +121,6 @@ spkm3_read_token(struct spkm3_ctx *ctx,
        /* XXX: need to add expiration and sequencing */
        ret = GSS_S_COMPLETE;
 out:
-       kfree(md5cksum.data);
        kfree(wire_cksum.data);
        return ret;
 }