svcrpc: fix potential GSSX_ACCEPT_SEC_CONTEXT decoding failures
In an environment where the KDC is running Active Directory, the exported composite name field returned in the context could be large enough to span a page boundary. Attaching a scratch buffer to the decoding xdr_stream helps deal with those cases. The case where we saw this was actually due to behavior that's been fixed in newer gss-proxy versions, but we're fixing it here too. Signed-off-by: NScott Mayhew <smayhew@redhat.com> Cc: stable@vger.kernel.org Reviewed-by: NSimo Sorce <simo@redhat.com> Signed-off-by: NJ. Bruce Fields <bfields@redhat.com>
Showing
想要评论请 注册 或 登录