Page MenuHomeFreeBSD
Differential D52962

sys/rpc: UNIX auth: Use AUTH_SYS_MAX_{GROUPS,HOSTNAME} as limits (1/2)
ClosedPublic
Actions

Authored by olce on Oct 7 2025, 5:14 PM.
Tags
None
Referenced Files
Unknown Object (File)
Sat, Nov 8, 1:30 AM
Unknown Object (File)
Mon, Nov 3, 2:48 AM
Unknown Object (File)
Sat, Nov 1, 1:23 AM
Unknown Object (File)
Thu, Oct 30, 10:12 AM
Unknown Object (File)
Mon, Oct 27, 2:54 PM
Unknown Object (File)
Sun, Oct 26, 8:31 AM
Unknown Object (File)
Sun, Oct 26, 8:31 AM
Unknown Object (File)
Sun, Oct 26, 8:31 AM
View All 18 Files
Subscribers
emaste
imp

Details

Reviewers
rmacklem
dfr
Commits
rGfc3b621afdb5: sys/rpc: UNIX auth: Use AUTH_SYS_MAX_{GROUPS,HOSTNAME} as limits (1/2)
rG34fc20503f04: sys/rpc: UNIX auth: Use AUTH_SYS_MAX_{GROUPS,HOSTNAME} as limits (1/2)
rGb119ef0f6a81: sys/rpc: UNIX auth: Use AUTH_SYS_MAX_{GROUPS,HOSTNAME} as limits (1/2)
Summary

Consistently with the XDR_INLINE() variant of xdr_authunix_parms()
(_svcauth_unix() in 'svc_auth_unix.c'), reject messages with credentials
having a machine name length in excess of AUTH_SYS_MAX_HOSTNAME or more
than AUTH_SYS_MAX_GROUPS supplementary groups, which do not conform to
RFC 5531. This is done mainly because we cannot store excess groups
anyway, even if at odds with the robustness principle ("be liberal in
what you accept").

Fixes: dfdcada31e79 ("Add the new kernel-mode NFS Lock Manager.")
Sponsored by: The FreeBSD Foundation

Diff Detail

Repository
rG FreeBSD src repository
Lint
Lint Not Applicable
Unit
Tests Not Applicable

Event Timeline

olce created this revision.Oct 7 2025, 5:14 PM
Herald added a subscriber: imp. · View Herald TranscriptOct 7 2025, 5:14 PM
olce requested review of this revision.Oct 7 2025, 5:14 PM
Harbormaster completed remote builds in B67620: Diff 163713.Oct 7 2025, 5:14 PM
olce added a parent revision: D52961: sys/rpc: Define AUTH_SYS_MAX_{GROUPS,HOSTNAME}.Oct 7 2025, 5:24 PM
olce added a child revision: D52963: sys/rpc: UNIX auth: Use AUTH_SYS_MAX_{GROUPS,HOSTNAME} as limits (2/2).
olce added a reviewer: dfr.
rmacklem accepted this revision.Oct 10 2025, 10:29 PM

Looks ok to me. You can decide whether or not to add the
KASSERT for x_op != XDR_FREE?

sys/rpc/authunix_prot.c
63–64

These xdr functions usually have a case where
xdrs->x_op is XDR_FREE.

Maybe adding a KASSERT to check that x_op != XDR_FREE
might be useful?

This revision is now accepted and ready to land.Oct 10 2025, 10:29 PM
olce added inline comments.Mon, Oct 13, 1:13 PM
sys/rpc/authunix_prot.c
63–64

I've noticed the existence of XDR_FREE recently. If the function does not support anything else than encode and decode, let's indeed test for that. It doesn't look like it would be too hard to implement XDR_FREE, as basically this function does not allocate anything on XDR_DECODE, so we basically could just return TRUE immediately. I don't see any caller with XDR_FREE in the kernel anyway (I see some in userland to the userland version).

rmacklem added inline comments.Mon, Oct 13, 1:57 PM
sys/rpc/authunix_prot.c
63–64

Yep, you can implement it if you'd like.
As you note, there are no callers. It would
break if there were.

olce marked 2 inline comments as done.Mon, Oct 13, 3:10 PM
Closed by commit rGb119ef0f6a81: sys/rpc: UNIX auth: Use AUTH_SYS_MAX_{GROUPS,HOSTNAME} as limits (1/2) (authored by olce). · Explain WhyTue, Oct 14, 12:23 PM
This revision was automatically updated to reflect the committed changes.
olce added a commit: rGb119ef0f6a81: sys/rpc: UNIX auth: Use AUTH_SYS_MAX_{GROUPS,HOSTNAME} as limits (1/2).
olce added a commit: rG34fc20503f04: sys/rpc: UNIX auth: Use AUTH_SYS_MAX_{GROUPS,HOSTNAME} as limits (1/2).Thu, Oct 16, 4:59 PM
cperciva added a commit: rGfc3b621afdb5: sys/rpc: UNIX auth: Use AUTH_SYS_MAX_{GROUPS,HOSTNAME} as limits (1/2).Thu, Oct 16, 6:51 PM

Revision Contents
Changeset List

PathSize
sys/
rpc/
33 lines

Diff 164134

View Options

sys/rpc/authunix_prot.c

Loading...