sunrpc: fix 4 more call sites that were using stack memory with a scatterlist (aa1e52cb) · Commits · e / devices / android_kernel_oneplus_sm8150

net/sunrpc/auth_gss/gss_krb5_seqnum.c

+38 −11

Original line number	Diff line number	Diff line
		@@ -44,7 +44,7 @@ krb5_make_rc4_seq_num(struct krb5_ctx *kctx, int direction, s32 seqnum,
		unsigned char cksum, unsigned char buf)
		{
		struct crypto_skcipher *cipher;
		unsigned char plain[8];
		unsigned char *plain;
		s32 code;

		dprintk("RPC: %s:\n", __func__);
		@@ -53,6 +53,10 @@ krb5_make_rc4_seq_num(struct krb5_ctx *kctx, int direction, s32 seqnum,
		if (IS_ERR(cipher))
		return PTR_ERR(cipher);

		plain = kmalloc(8, GFP_NOFS);
		if (!plain)
		return -ENOMEM;

		plain[0] = (unsigned char) ((seqnum >> 24) & 0xff);
		plain[1] = (unsigned char) ((seqnum >> 16) & 0xff);
		plain[2] = (unsigned char) ((seqnum >> 8) & 0xff);
		@@ -69,6 +73,7 @@ krb5_make_rc4_seq_num(struct krb5_ctx *kctx, int direction, s32 seqnum,
		code = krb5_encrypt(cipher, cksum, plain, buf, 8);
		out:
		crypto_free_skcipher(cipher);
		kfree(plain);
		return code;
		}
		s32
		@@ -78,12 +83,17 @@ krb5_make_seq_num(struct krb5_ctx *kctx,
		u32 seqnum,
		unsigned char cksum, unsigned char buf)
		{
		unsigned char plain[8];
		unsigned char *plain;
		s32 code;

		if (kctx->enctype == ENCTYPE_ARCFOUR_HMAC)
		return krb5_make_rc4_seq_num(kctx, direction, seqnum,
		cksum, buf);

		plain = kmalloc(8, GFP_NOFS);
		if (!plain)
		return -ENOMEM;

		plain[0] = (unsigned char) (seqnum & 0xff);
		plain[1] = (unsigned char) ((seqnum >> 8) & 0xff);
		plain[2] = (unsigned char) ((seqnum >> 16) & 0xff);
		@@ -94,7 +104,9 @@ krb5_make_seq_num(struct krb5_ctx *kctx,
		plain[6] = direction;
		plain[7] = direction;

		return krb5_encrypt(key, cksum, plain, buf, 8);
		code = krb5_encrypt(key, cksum, plain, buf, 8);
		kfree(plain);
		return code;
		}

		static s32
		@@ -102,7 +114,7 @@ krb5_get_rc4_seq_num(struct krb5_ctx kctx, unsigned char cksum,
		unsigned char buf, int direction, s32 *seqnum)
		{
		struct crypto_skcipher *cipher;
		unsigned char plain[8];
		unsigned char *plain;
		s32 code;

		dprintk("RPC: %s:\n", __func__);
		@@ -115,20 +127,28 @@ krb5_get_rc4_seq_num(struct krb5_ctx kctx, unsigned char cksum,
		if (code)
		goto out;

		plain = kmalloc(8, GFP_NOFS);
		if (!plain) {
		code = -ENOMEM;
		goto out;
		}

		code = krb5_decrypt(cipher, cksum, buf, plain, 8);
		if (code)
		goto out;
		goto out_plain;

		if ((plain[4] != plain[5]) \|\| (plain[4] != plain[6])
		\|\| (plain[4] != plain[7])) {
		code = (s32)KG_BAD_SEQ;
		goto out;
		goto out_plain;
		}

		*direction = plain[4];

		*seqnum = ((plain[0] << 24) \| (plain[1] << 16) \|
		(plain[2] << 8) \| (plain[3]));
		out_plain:
		kfree(plain);
		out:
		crypto_free_skcipher(cipher);
		return code;
		@@ -141,26 +161,33 @@ krb5_get_seq_num(struct krb5_ctx *kctx,
		int direction, u32 seqnum)
		{
		s32 code;
		unsigned char plain[8];
		struct crypto_skcipher *key = kctx->seq;
		unsigned char *plain;

		dprintk("RPC: krb5_get_seq_num:\n");

		if (kctx->enctype == ENCTYPE_ARCFOUR_HMAC)
		return krb5_get_rc4_seq_num(kctx, cksum, buf,
		direction, seqnum);
		plain = kmalloc(8, GFP_NOFS);
		if (!plain)
		return -ENOMEM;

		if ((code = krb5_decrypt(key, cksum, buf, plain, 8)))
		return code;
		goto out;

		if ((plain[4] != plain[5]) \|\| (plain[4] != plain[6]) \|\|
		(plain[4] != plain[7]))
		return (s32)KG_BAD_SEQ;
		(plain[4] != plain[7])) {
		code = (s32)KG_BAD_SEQ;
		goto out;
		}

		*direction = plain[4];

		*seqnum = ((plain[0]) \|
		(plain[1] << 8) \| (plain[2] << 16) \| (plain[3] << 24));

		return 0;
		out:
		kfree(plain);
		return code;
		}