summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorChuck Lever <chuck.lever@oracle.com>2008-12-11 17:56:44 -0500
committerJ. Bruce Fields <bfields@citi.umich.edu>2009-01-06 11:53:56 -0500
commitd1208f70738c91f13b4eadb1b7a694082e439da2 (patch)
tree756e10b06467f9a9fd52f977a886b736def6f9f0
parent49b5699b3fc22b363534c509c1b7dba06bc677bf (diff)
downloadkernel-crypto-d1208f70738c91f13b4eadb1b7a694082e439da2.tar.gz
kernel-crypto-d1208f70738c91f13b4eadb1b7a694082e439da2.tar.xz
kernel-crypto-d1208f70738c91f13b4eadb1b7a694082e439da2.zip
NLM: nlm_privileged_requester() doesn't recognize mapped loopback address
Commit b85e4676 added the nlm_privileged_requester() helper to check whether an RPC request was sent from a local privileged caller. It recognizes IPv4 privileged callers (from "127.0.0.1"), and IPv6 privileged callers (from "::1"). However, IPV6_ADDR_LOOPBACK is not set for the mapped IPv4 loopback address (::ffff:7f00:0001), so the test breaks when the kernel's RPC service is IPv6-enabled but user space is calling via the IPv4 loopback address. This is actually the most common case for IPv6- enabled RPC services on Linux. Rewrite the IPv6 check to handle the mapped IPv4 loopback address as well as a normal IPv6 loopback address. Signed-off-by: Chuck Lever <chuck.lever@oracle.com> Signed-off-by: J. Bruce Fields <bfields@citi.umich.edu>
-rw-r--r--include/linux/lockd/lockd.h10
1 files changed, 8 insertions, 2 deletions
diff --git a/include/linux/lockd/lockd.h b/include/linux/lockd/lockd.h
index 6ab0449bc82..80d7e8a8257 100644
--- a/include/linux/lockd/lockd.h
+++ b/include/linux/lockd/lockd.h
@@ -299,8 +299,14 @@ static inline int __nlm_privileged_request4(const struct sockaddr *sap)
static inline int __nlm_privileged_request6(const struct sockaddr *sap)
{
const struct sockaddr_in6 *sin6 = (struct sockaddr_in6 *)sap;
- return (ipv6_addr_type(&sin6->sin6_addr) & IPV6_ADDR_LOOPBACK) &&
- (ntohs(sin6->sin6_port) < 1024);
+
+ if (ntohs(sin6->sin6_port) > 1023)
+ return 0;
+
+ if (ipv6_addr_type(&sin6->sin6_addr) & IPV6_ADDR_MAPPED)
+ return ipv4_is_loopback(sin6->sin6_addr.s6_addr32[3]);
+
+ return ipv6_addr_type(&sin6->sin6_addr) & IPV6_ADDR_LOOPBACK;
}
#else /* defined(CONFIG_IPV6) || defined(CONFIG_IPV6_MODULE) */
static inline int __nlm_privileged_request6(const struct sockaddr *sap)