git://git.whamcloud.com - fs/lustre-release.git/commit

author	Arshad Hussain <arshad.hussain@aeoncomputing.com>
	Wed, 1 Nov 2023 06:50:53 +0000 (12:20 +0530)
committer	Oleg Drokin <green@whamcloud.com>
	Wed, 13 Dec 2023 12:21:41 +0000 (12:21 +0000)
commit	7d764f1f11be144ad26e33aa8cecedc5bb708793
tree	23cf87e0a25fc866b427bef5163c587291e54a0a	tree \| snapshot
parent	7dcdb9eb0ded98e956fe417abbd835433a8de3f0	commit \| diff

LU-17000 gss: Fix Out-of-bounds access under svcgssd_proc.c

Problem reported by coverity was passing 32bit type and
then dereferencing to larger 64bit under function
handle_channel_request(). This patch address this issue.

Since this is an uapi and to catch corner cases like
kernel modules being updated separately from user tools
RSI_DOWNCALL_MAGIC is also changed from 0x6d6dd62a to
0x6d6dd63a.

This patch also changes 32bit member (sid_hash) of
'struct rsi_downcall_data' to 64bit. Which also requires
changing of wiretest.c and wirecheck.c

CoverityID: 404758 ("Out-of-bounds access")
Fixes: 8d828762d1 ("LU-17015 gss: support large kerberos token for rpc sec init")
Test-Parameters: kerberos=true testlist=sanity-krb5
Signed-off-by: Arshad Hussain <arshad.hussain@aeoncomputing.com>
Change-Id: I8041cd4063f1b1cefdebf5681df426be61820f99
Reviewed-on: https://review.whamcloud.com/c/fs/lustre-release/+/52920
Tested-by: jenkins <devops@whamcloud.com>
Tested-by: Maloo <maloo@whamcloud.com>
Reviewed-by: Andreas Dilger <adilger@whamcloud.com>
Reviewed-by: Sebastien Buisson <sbuisson@ddn.com>
Reviewed-by: Oleg Drokin <green@whamcloud.com>

lustre/include/uapi/linux/lustre/lgss.h		diff \| blob \| history
lustre/ptlrpc/wiretest.c		diff \| blob \| history
lustre/utils/gss/svcgssd_proc.c		diff \| blob \| history
lustre/utils/wirecheck.c		diff \| blob \| history
lustre/utils/wiretest.c		diff \| blob \| history