lockd: Add helper to sanity check incoming NOTIFY requests
lockd accepts SM_NOTIFY calls only from a privileged process on the local system. If lockd uses an AF_INET6 listener, the sender's address (ie the local rpc.statd) will be the IPv6 loopback address, not the IPv4 loopback address. Make sure the privilege test in nlmsvc_proc_sm_notify() and nlm4svc_proc_sm_notify() works for both AF_INET and AF_INET6 family addresses by refactoring the test into a helper and adding support for IPv6 addresses. Signed-off-by: Chuck Lever <chuck.lever@oracle.com> Signed-off-by: J. Bruce Fields <bfields@citi.umich.edu>
This commit is contained in:
Chuck Lever
committed by
J. Bruce Fields
J. Bruce Fields
parent
dcff09f124
commit
b85e467634
@@ -421,11 +421,9 @@ nlm4svc_proc_sm_notify(struct svc_rqst *rqstp, struct nlm_reboot *argp,
|
||||
{
|
||||
struct sockaddr_in saddr;
|
||||
|
||||
memcpy(&saddr, svc_addr_in(rqstp), sizeof(saddr));
|
||||
|
||||
dprintk("lockd: SM_NOTIFY called\n");
|
||||
if (saddr.sin_addr.s_addr != htonl(INADDR_LOOPBACK)
|
||||
|| ntohs(saddr.sin_port) >= 1024) {
|
||||
|
||||
if (!nlm_privileged_requester(rqstp)) {
|
||||
char buf[RPC_MAX_ADDRBUFLEN];
|
||||
printk(KERN_WARNING "lockd: rejected NSM callback from %s\n",
|
||||
svc_print_addr(rqstp, buf, sizeof(buf)));
|
||||
|
||||
Reference in New Issue
Block a user