Searched hist:"4dd9daa9" (Results 1 – 1 of 1) sorted by relevance
/openbmc/linux/net/sunrpc/auth_gss/
svcauth_gss.c | 4dd9daa9 Sun Nov 27 11:17:27 CST 2022 Chuck Lever <chuck.lever@oracle.com>
SUNRPC: Fix crasher in unwrap_integ_data()
If a zero length is passed to kmalloc() it returns 0x10, which is not a valid address. gss_verify_mic() subsequently crashes when it attempts to dereference that pointer.
Instead of allocating this memory on every call based on an untrusted size value, use a piece of dynamically-allocated scratch memory that is always available.
Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
Reviewed-by: Jeff Layton <jlayton@kernel.org>