diff options
author | Ilya Dryomov <idryomov@gmail.com> | 2018-07-27 19:45:36 +0200 |
---|---|---|
committer | Ilya Dryomov <idryomov@gmail.com> | 2018-08-02 21:33:26 +0200 |
commit | f1d10e04637924f2b00a0fecdd2ca4565f5cfc3f (patch) | |
tree | 9622aae902ffee8fa1160ac12e364605f4f3cacc | |
parent | libceph: check authorizer reply/challenge length before reading (diff) | |
download | linux-f1d10e04637924f2b00a0fecdd2ca4565f5cfc3f.tar.xz linux-f1d10e04637924f2b00a0fecdd2ca4565f5cfc3f.zip |
libceph: weaken sizeof check in ceph_x_verify_authorizer_reply()
Allow for extending ceph_x_authorize_reply in the future.
Signed-off-by: Ilya Dryomov <idryomov@gmail.com>
Reviewed-by: Sage Weil <sage@redhat.com>
-rw-r--r-- | net/ceph/auth_x.c | 6 |
1 files changed, 4 insertions, 2 deletions
diff --git a/net/ceph/auth_x.c b/net/ceph/auth_x.c index 462786f571e7..b52732337ca6 100644 --- a/net/ceph/auth_x.c +++ b/net/ceph/auth_x.c @@ -737,8 +737,10 @@ static int ceph_x_verify_authorizer_reply(struct ceph_auth_client *ac, ret = ceph_x_decrypt(&au->session_key, &p, p + CEPHX_AU_ENC_BUF_LEN); if (ret < 0) return ret; - if (ret != sizeof(*reply)) - return -EPERM; + if (ret < sizeof(*reply)) { + pr_err("bad size %d for ceph_x_authorize_reply\n", ret); + return -EINVAL; + } if (au->nonce + 1 != le64_to_cpu(reply->nonce_plus_one)) ret = -EPERM; |