svn commit: r250111 - stable/9/sys/rpc/rpcsec_gss

[George V. Neville-Neil]

Author: gnn
Date: Tue Apr 30 18:06:43 2013
New Revision: 250111
URL: http://svnweb.freebsd.org/changeset/base/250111

Log:
  Improve error handling when unwrapping received data.
  
  Submitted by:	Rick Macklem

Modified:
  stable/9/sys/rpc/rpcsec_gss/rpcsec_gss_prot.c
Directory Properties:
  stable/9/sys/   (props changed)
  stable/9/sys/amd64/include/xen/   (props changed)
  stable/9/sys/boot/   (props changed)
  stable/9/sys/boot/i386/efi/   (props changed)
  stable/9/sys/boot/ia64/efi/   (props changed)
  stable/9/sys/boot/ia64/ski/   (props changed)
  stable/9/sys/boot/powerpc/boot1.chrp/   (props changed)
  stable/9/sys/boot/powerpc/ofw/   (props changed)
  stable/9/sys/cddl/contrib/opensolaris/   (props changed)
  stable/9/sys/conf/   (props changed)
  stable/9/sys/contrib/dev/acpica/   (props changed)
  stable/9/sys/contrib/octeon-sdk/   (props changed)
  stable/9/sys/contrib/pf/   (props changed)
  stable/9/sys/contrib/x86emu/   (props changed)
  stable/9/sys/dev/   (props changed)
  stable/9/sys/dev/e1000/   (props changed)
  stable/9/sys/dev/isp/   (props changed)
  stable/9/sys/dev/ixgbe/   (props changed)
  stable/9/sys/dev/puc/   (props changed)
  stable/9/sys/fs/   (props changed)
  stable/9/sys/fs/ntfs/   (props changed)
  stable/9/sys/modules/   (props changed)
  stable/9/sys/net/   (props changed)
  stable/9/sys/sys/   (props changed)

Modified: stable/9/sys/rpc/rpcsec_gss/rpcsec_gss_prot.c
==============================================================================
--- stable/9/sys/rpc/rpcsec_gss/rpcsec_gss_prot.c	Tue Apr 30 16:59:25 2013	(r250110)
+++ stable/9/sys/rpc/rpcsec_gss/rpcsec_gss_prot.c	Tue Apr 30 18:06:43 2013	(r250111)
@@ -208,6 +208,8 @@ m_trim(struct mbuf *m, int len)
 	struct mbuf *n;
 	int off;
 
+	if (m == NULL)
+		return;
 	n = m_getptr(m, len, &off);
 	if (n) {
 		n->m_len = off;
@@ -251,10 +253,19 @@ xdr_rpc_gss_unwrap_data(struct mbuf **re
 		 * Extract the MIC and make it contiguous.
 		 */
 		cklen = get_uint32(&results);
+		if (!results) {
+			m_freem(message);
+			return (FALSE);
+		}
 		KASSERT(cklen <= MHLEN, ("unexpected large GSS-API checksum"));
 		mic = results;
-		if (cklen > mic->m_len)
+		if (cklen > mic->m_len) {
 			mic = m_pullup(mic, cklen);
+			if (!mic) {
+				m_freem(message);
+				return (FALSE);
+			}
+		}
 		if (cklen != RNDUP(cklen))
 			m_trim(mic, cklen);
 
@@ -272,6 +283,8 @@ xdr_rpc_gss_unwrap_data(struct mbuf **re
 	} else if (svc == rpc_gss_svc_privacy) {
 		/* Decode databody_priv. */
 		len = get_uint32(&results);
+		if (!results)
+			return (FALSE);
 
 		/* Decrypt databody. */
 		message = results;
@@ -294,6 +307,8 @@ xdr_rpc_gss_unwrap_data(struct mbuf **re
 
 	/* Decode rpc_gss_data_t (sequence number + arguments). */
 	seq_num = get_uint32(&message);
+	if (!message)
+		return (FALSE);
 	
 	/* Verify sequence number. */
 	if (seq_num != seq) {