rpcgss: krb5: ignore seed

We're currently not actually using seed or seed_init.

Signed-off-by: J. Bruce Fields <bfields@citi.umich.edu>
Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>

diff --git a/include/linux/sunrpc/gss_krb5.h b/include/linux/sunrpc/gss_krb5.h
index 01c5e43..5a4b1e0 100644 (file)
--- a/include/linux/sunrpc/gss_krb5.h
+++ b/include/linux/sunrpc/gss_krb5.h
@@ -42,8 +42,6 @@
 
 struct krb5_ctx {
        int                     initiate; /* 1 = initiating, 0 = accepting */
-       int                     seed_init;
-       unsigned char           seed[16];
        struct crypto_blkcipher *enc;
        struct crypto_blkcipher *seq;
        s32                     endtime;

diff --git a/net/sunrpc/auth_gss/gss_krb5_mech.c b/net/sunrpc/auth_gss/gss_krb5_mech.c
index bf5435d..05d4bee 100644 (file)
--- a/net/sunrpc/auth_gss/gss_krb5_mech.c
+++ b/net/sunrpc/auth_gss/gss_krb5_mech.c
@@ -137,12 +137,13 @@ gss_import_sec_context_kerberos(const void *p,
        p = simple_get_bytes(p, end, &ctx->initiate, sizeof(ctx->initiate));
        if (IS_ERR(p))
                goto out_err_free_ctx;
-       p = simple_get_bytes(p, end, &ctx->seed_init, sizeof(ctx->seed_init));
-       if (IS_ERR(p))
-               goto out_err_free_ctx;
-       p = simple_get_bytes(p, end, ctx->seed, sizeof(ctx->seed));
-       if (IS_ERR(p))
+       /* The downcall format was designed before we completely understood
+        * the uses of the context fields; so it includes some stuff we
+        * just give some minimal sanity-checking, and some we ignore
+        * completely (like the next twenty bytes): */
+       if (unlikely(p + 20 > end || p + 20 < p))
                goto out_err_free_ctx;
+       p += 20;
        p = simple_get_bytes(p, end, &tmp, sizeof(tmp));
        if (IS_ERR(p))
                goto out_err_free_ctx;