Imported Debian patch 1.0.8+1.0.9pre1-1

[nfs-utils.git] / utils / gssd / svcgssd_proc.c

diff --git a/utils/gssd/svcgssd_proc.c b/utils/gssd/svcgssd_proc.c
index 14b7f17c61bd0ded02a0885f8c14230bebbadc22..79f5f50d3c5a603bcdfa1475d055a112df19dd84 100644 (file)
--- a/utils/gssd/svcgssd_proc.c
+++ b/utils/gssd/svcgssd_proc.c
@@ -200,7 +200,8 @@ get_ids(gss_name_t client_name, gss_OID mech, struct svc_cred *cred)
                        maj_stat, min_stat, mech);
                goto out;
        }
-       if (!(sname = calloc(name.length + 1, 1))) {
+       if (name.length >= 0xffff || /* be certain name.length+1 doesn't overflow */
+           !(sname = calloc(name.length + 1, 1))) {
                printerr(0, "WARNING: get_ids: error allocating %d bytes "
                        "for sname\n", name.length + 1);
                gss_release_buffer(&min_stat, &name);
@@ -219,8 +220,21 @@ get_ids(gss_name_t client_name, gss_OID mech, struct svc_cred *cred)
        nfs4_init_name_mapping(NULL); /* XXX: should only do this once */
        res = nfs4_gss_princ_to_ids(secname, sname, &uid, &gid);
        if (res < 0) {
-               printerr(0, "WARNING: get_ids: unable to map "
-                       "name '%s' to a uid\n", sname);
+               printerr(0, "WARNING: get_ids: failed to map name '%s' "
+                       "to uid/gid: %s\n", sname, strerror(-res));
+               /*
+                * -ENOENT means there was no mapping, any other error
+                * value means there was an error trying to do the
+                * mapping.
+                */
+               if (res == -ENOENT) {
+                       cred->cr_uid = 65534;      /* XXX */
+                       cred->cr_gid = 65534;      /* XXX */
+                       cred->cr_groups[0] = 65534;/* XXX */
+                       cred->cr_ngroups = 1;
+                       res = 0;
+                       goto out_free;
+               }
                goto out_free;
        }
        cred->cr_uid = uid;