Received: by 2002:a5d:9c59:0:0:0:0:0 with SMTP id 25csp2706429iof;
        Wed, 8 Jun 2022 10:17:41 -0700 (PDT)
X-Google-Smtp-Source: ABdhPJztn00Jq7LUuNyJmjbJ/bhBQAnnFtI3YsshrK6WJ9dTs5Nv80eSF9Rmh/hMzH5P/Zj9Dr44
X-Received: by 2002:a63:6888:0:b0:3fe:49fc:3be3 with SMTP id d130-20020a636888000000b003fe49fc3be3mr1126783pgc.182.1654708661639;
        Wed, 08 Jun 2022 10:17:41 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1654708661; cv=none;
        d=google.com; s=arc-20160816;
        b=dfHz9B5w2S1YjLL2ydLRqPTJAl9ZWCMScJSyHDNLrsJauPnoWH9GygU0saoCLIZXJ5
         7tUk19qH0iVfEOCJAPHNyPvXDcEdJaMSxSxKhLWmV5CS2jXSs6bQzC/bOWWlNYJu1dww
         J08iy5rr34uSRoMn8t6EAF6iypQ7k/ZZWBqKUaFPNr3Qw4+2DEhMyf/C3vnaflSapaAj
         J3Wwdzj95CbkcrBAl+yy62mafj4BBrk3IQlZfMmkd8Apq027cmMjiYwN/IpMCLrz2i/B
         bm5AUHOKxDP72ukijIehmpQD4ptHrqynGQ+vzTlu3k+UNz6PfY7pKibbRzk1HeCbckq8
         KTug==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:references:in-reply-to:to:subject:message-id
         :from:content-transfer-encoding:date:mime-version;
        bh=gKetFa0qVfhudzR6HYGOnCPgevTi53GoR+90bFvtaL4=;
        b=bIgkNoet9TgnUM/GiU5F+BhUEqol9L0846HBf4p86hTHLMqRcb8ZuAED16Lw3C7s7W
         neIq/Ofw/1T+MeSoYkN/HeWjRnzKY1wRZByFcSOkjUIAmL0a6MqUCzr+5cKBhbUX+1RC
         ubyURHcjhxsQXvYOVSsnxxUbhPnWFdMJAcMv1DgSydOrTspZQOib1mY7bcvrkKmNNgay
         6EcHrdHRDdvr8LvqmdfrPSJld2EgW5F1YtMPg/eKC+vhtSMXhWz157Zn2YS0UMw4YuIA
         MRBBJtDOj90VhbW0ia60QHgfrntnBo3U6v9soZgMD0p2ynlmJCCUXR09q6YPav+zd24Z
         E5NA==
ARC-Authentication-Results: i=1; mx.google.com;
       spf=pass (google.com: domain of linux-nfs-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-nfs-owner@vger.kernel.org
Return-Path: <linux-nfs-owner@vger.kernel.org>
Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20])
        by mx.google.com with ESMTP id s1-20020a056a00178100b005107e713c1dsi22424792pfg.273.2022.06.08.10.16.42;
        Wed, 08 Jun 2022 10:17:41 -0700 (PDT)
Received-SPF: pass (google.com: domain of linux-nfs-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20;
Authentication-Results: mx.google.com;
       spf=pass (google.com: domain of linux-nfs-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-nfs-owner@vger.kernel.org
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S231176AbiFHROX convert rfc822-to-8bit (ORCPT
        <rfc822;jx.jiangxin@gmail.com> + 99 others);
        Wed, 8 Jun 2022 13:14:23 -0400
Received: from lindbergh.monkeyblade.net ([23.128.96.19]:47956 "EHLO
        lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S231421AbiFHROC (ORCPT
        <rfc822;linux-nfs@vger.kernel.org>); Wed, 8 Jun 2022 13:14:02 -0400
Received: from mail.linux-ng.de (srv.linux-ng.de [IPv6:2a01:4f8:160:92e6::2])
        by lindbergh.monkeyblade.net (Postfix) with ESMTP id 40720249323
        for <linux-nfs@vger.kernel.org>; Wed,  8 Jun 2022 09:59:29 -0700 (PDT)
Received: from cloud.linux-ng.de (srv.linux-ng.de [IPv6:2a01:4f8:160:92e6::2])
        by mail.linux-ng.de (Postfix) with ESMTPSA id 1A69D841D565
        for <linux-nfs@vger.kernel.org>; Wed,  8 Jun 2022 18:59:28 +0200 (CEST)
MIME-Version: 1.0
Date:   Wed, 08 Jun 2022 16:59:28 +0000
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 8BIT
X-Mailer: RainLoop/1.16.0
From:   marcel@linux-ng.de
Message-ID: <fc9862d27cdf732e305bc6d1800bdf2a@linux-ng.de>
Subject: Re: [PATCH 1/3] cifs-utils/svcgssd: Fix use-after-free bug
 (config variables)
To:     linux-nfs@vger.kernel.org
In-Reply-To: <20220607081909.1216287-1-marcel@linux-ng.de>
References: <20220607081909.1216287-1-marcel@linux-ng.de>
X-Spam-Status: No, score=-1.9 required=5.0 tests=BAYES_00,SPF_HELO_NONE,
        SPF_PASS,T_SCC_BODY_TEXT_LINE autolearn=ham autolearn_force=no
        version=3.4.6
X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on
        lindbergh.monkeyblade.net
Precedence: bulk
List-ID: <linux-nfs.vger.kernel.org>
X-Mailing-List: linux-nfs@vger.kernel.org

Hi again,

argl - just noticed that I described the patches with "cifs-utils" - should be "nfs-utils" of course :-(
Sorry for that.

Marcel


June 7, 2022 10:19 AM, marcel@linux-ng.de wrote:

> From: Marcel Ritter <marcel@linux-ng.de>
> 
> This patch fixes a bug when trying to set "principal" in /etc/nfs.conf.
> Memory gets freed by conf_cleanup() before being used - moving cleanup
> code resolves that.
> 
> ---
> utils/gssd/svcgssd.c | 6 +++---
> 1 file changed, 3 insertions(+), 3 deletions(-)
> 
> diff --git a/utils/gssd/svcgssd.c b/utils/gssd/svcgssd.c
> index 881207b3..a242b789 100644
> --- a/utils/gssd/svcgssd.c
> +++ b/utils/gssd/svcgssd.c
> @@ -211,9 +211,6 @@ main(int argc, char *argv[])
> rpc_verbosity = conf_get_num("svcgssd", "RPC-Verbosity", rpc_verbosity);
> idmap_verbosity = conf_get_num("svcgssd", "IDMAP-Verbosity", idmap_verbosity);
> 
> - /* We don't need the config anymore */
> - conf_cleanup();
> -
> while ((opt = getopt(argc, argv, "fivrnp:")) != -1) {
> switch (opt) {
> case 'f':
> @@ -328,6 +325,9 @@ main(int argc, char *argv[])
> 
> daemon_ready();
> 
> + /* We don't need the config anymore */
> + conf_cleanup();
> +
> nfs4_init_name_mapping(NULL); /* XXX: should only do this once */
> 
> rc = event_base_dispatch(evbase);
> -- 
> 2.34.1