author | Chuck Lever <chuck.lever@oracle.com> | 2015-11-16 08:01:29 -0500 |
---|---|---|
committer | Steve Dickson <steved@redhat.com> | 2015-11-16 08:46:16 -0500 |
commit | 8cf197b50243dee64ffb6c2da1d92179bee4f705 (patch) | |
tree | c2f85969d23cbf114495298fe6b8034a598dc399 /src | |
parent | 4f1503e84b2f7bd229a097335e52fb8203f5bb0b (diff) | |
download | ti-rpc-8cf197b50243dee64ffb6c2da1d92179bee4f705.tar.gz |
rpc_gss_set_svc_name() overwrites _svcauth_gss_creds
_svcauth_gss() already refreshes the server's credentials while
handling each RPC call. This overwrites the pointer to the
credentials acquired by rpc_gss_set_svc_name(), leaking them.
This is typically a one-time leak of about 16KB.
Fixes: c55a77516fd0 ('Add server-side rpc_gss_*() APIs')
Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
Diffstat (limited to 'src')
-rw-r--r-- | src/svc_auth_gss.c | 19 |
1 files changed, 10 insertions, 9 deletions
diff --git a/src/svc_auth_gss.c b/src/svc_auth_gss.c
index b6aa407..b09635f 100644
--- a/src/svc_auth_gss.c
+++ b/src/svc_auth_gss.c
@@ -129,6 +129,8 @@ struct svc_rpc_gss_data {
 ((struct svc_rpc_gss_data *)(auth)->svc_ah_private)
 /* Global server credentials. */
+static u_int _svcauth_req_time = 0;
+static gss_OID_set_desc _svcauth_oid_set = {1, GSS_C_NULL_OID };
 static gss_cred_id_t _svcauth_gss_creds;
 static gss_name_t _svcauth_gss_name = GSS_C_NO_NAME;
 static char * _svcauth_svc_name = NULL;
@@ -189,14 +191,15 @@ svcauth_gss_import_name(char *service)
 }
 static bool_t
-svcauth_gss_acquire_cred(u_int req_time, gss_OID_set_desc *oid_set)
+svcauth_gss_acquire_cred(void)
 {
 OM_uint32 maj_stat, min_stat;
 gss_log_debug("in svcauth_gss_acquire_cred()");
- maj_stat = gss_acquire_cred(&min_stat, _svcauth_gss_name, req_time,
- oid_set, GSS_C_ACCEPT,
+ maj_stat = gss_acquire_cred(&min_stat, _svcauth_gss_name,
+ _svcauth_req_time, &_svcauth_oid_set,
+ GSS_C_ACCEPT,
 &_svcauth_gss_creds, NULL, NULL);
 if (maj_stat != GSS_S_COMPLETE) {
@@ -667,7 +670,7 @@ _svcauth_gss(struct svc_req *rqst, struct rpc_msg *msg, bool_t *no_dispatch)
 return (AUTH_FAILED);
 }
- if (!svcauth_gss_acquire_cred(0, GSS_C_NULL_OID_SET))
+ if (!svcauth_gss_acquire_cred())
 return (AUTH_FAILED);
 if (!svcauth_gss_accept_sec_context(rqst, &gr))
@@ -890,7 +893,6 @@ bool_t
 rpc_gss_set_svc_name(char *principal, char *mechanism, u_int req_time,
 u_int UNUSED(program), u_int UNUSED(version))
 {
- gss_OID_set_desc oid_set;
 rpc_gss_OID oid;
 char *save;
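Review bot: The initializer `{1, GSS_C_NULL_OID }` for `_svcauth_oid_set` in the first hunk describes a one-element set whose element pointer is null, which is not the same thing as the `GSS_C_NULL_OID_SET` that `_svcauth_gss()` passed before this change. Until `rpc_gss_set_svc_name()` has run, the `gss_acquire_cred()` call in the second hunk receives that set on every RPC, and how a GSS-API implementation treats a counted set with a null `elements` pointer is not established by these lines. The old default can be kept at the call site by passing `_svcauth_oid_set.elements != GSS_C_NULL_OID ? &_svcauth_oid_set : GSS_C_NULL_OID_SET` as the desired-mechanisms argument. A short comment on the two new globals, such as `/* Written only by rpc_gss_set_svc_name(); read on every RPC call. */`, would also make the data flow explicit.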
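Review bot: `svcauth_gss_acquire_cred()` in the second hunk still stores a fresh handle in `_svcauth_gss_creds` on every call, and nothing in the visible lines releases the handle that was there before. Since the commit exists to stop a leak of exactly this handle, the ownership rule deserves a comment above the function, for example `/* Overwrites _svcauth_gss_creds; the caller must release the handle once the context has been accepted. */`, assuming that is what `_svcauth_gss()` does. The early `return` after `svcauth_gss_accept_sec_context()` fails in the third hunk is worth checking against that rule, but the function bodies continue outside these hunks, so the release path cannot be confirmed from here.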
@@ -902,14 +904,13 @@ rpc_gss_set_svc_name(char *principal, char *mechanism, u_int req_time,
 if (!rpc_gss_mech_to_oid(mechanism, &oid))
 goto out_err;
- oid_set.count = 1;
- oid_set.elements = (gss_OID)oid;
 if (!svcauth_gss_import_name(principal))
 goto out_err;
- if (!svcauth_gss_acquire_cred(req_time, &oid_set))
- goto out_err;
+ _svcauth_req_time = req_time;
+ _svcauth_oid_set.count = 1;
+ _svcauth_oid_set.elements = (gss_OID)oid;
 free(_svcauth_svc_name);
 _svcauth_svc_name = save;
 return TRUE; |
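Review bot: `rpc_gss_set_svc_name()` now returns TRUE without ever calling `gss_acquire_cred()`, so a principal or mechanism for which no acceptor credential exists is no longer reported to the caller at setup; it surfaces only as `AUTH_FAILED` on each incoming call. If dropping the early check is intended, the function's documentation should say that success no longer means the credential is usable; otherwise the credential could be acquired once here and released again immediately to keep the old failure behaviour. The new line `_svcauth_oid_set.elements = (gss_OID)oid;` also keeps `oid` in a global past the return, where it used to sit in a stack-local set, so the object handed back by `rpc_gss_mech_to_oid()` must have static lifetime, which this hunk does not show. The function starts and ends outside the hunk.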