libceph: Fix NULL pointer dereference in auth client code - linux

diff options

author	Tyler Hicks <tyhicks@canonical.com>	2013-06-20 22:13:59 +0200
committer	Sage Weil <sage@inktank.com>	2013-07-04 00:32:55 +0200
commit	2cb33cac622afde897aa02d3dcd9fbba8bae839e (patch)
tree	aac21aabd15adbffd377d62c677afaba2fb9296e /fs/ceph/super.c
parent	ceph: Reconstruct the func ceph_reserve_caps. (diff)
download	linux-2cb33cac622afde897aa02d3dcd9fbba8bae839e.tar.xz linux-2cb33cac622afde897aa02d3dcd9fbba8bae839e.zip

libceph: Fix NULL pointer dereference in auth client code

A malicious monitor can craft an auth reply message that could cause a NULL function pointer dereference in the client's kernel. To prevent this, the auth_none protocol handler needs an empty ceph_auth_client_ops->build_request() function. CVE-2013-1059 Signed-off-by: Tyler Hicks <tyhicks@canonical.com> Reported-by: Chanam Park <chanam.park@hkpco.kr> Reviewed-by: Seth Arnold <seth.arnold@canonical.com> Reviewed-by: Sage Weil <sage@inktank.com> Cc: stable@vger.kernel.org

Diffstat (limited to 'fs/ceph/super.c')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: