summaryrefslogtreecommitdiffstats
path: root/net/ceph
diff options
context:
space:
mode:
authorIlya Dryomov <ilya.dryomov@inktank.com>2014-03-13 15:36:14 +0100
committerSage Weil <sage@inktank.com>2014-04-05 06:07:41 +0200
commit2d88b2e0819e0401ebb195e9fa20fab4be1965c8 (patch)
tree2158da23ebd745e0b58f477ca1400f1934da27c6 /net/ceph
parentlibceph: safely decode max_osd value in osdmap_decode() (diff)
downloadlinux-2d88b2e0819e0401ebb195e9fa20fab4be1965c8.tar.xz
linux-2d88b2e0819e0401ebb195e9fa20fab4be1965c8.zip
libceph: check length of osdmap osd arrays
Check length of osd_state, osd_weight and osd_addr arrays. They should all have exactly max_osd elements after the call to osdmap_set_max_osd(). Signed-off-by: Ilya Dryomov <ilya.dryomov@inktank.com> Reviewed-by: Alex Elder <elder@linaro.org>
Diffstat (limited to 'net/ceph')
-rw-r--r--net/ceph/osdmap.c14
1 files changed, 10 insertions, 4 deletions
diff --git a/net/ceph/osdmap.c b/net/ceph/osdmap.c
index ec06010657b3..c39ac624ccc3 100644
--- a/net/ceph/osdmap.c
+++ b/net/ceph/osdmap.c
@@ -745,19 +745,25 @@ static int osdmap_decode(void **p, void *end, struct ceph_osdmap *map)
if (err)
goto bad;
- /* osds */
+ /* osd_state, osd_weight, osd_addrs->client_addr */
ceph_decode_need(p, end, 3*sizeof(u32) +
map->max_osd*(1 + sizeof(*map->osd_weight) +
sizeof(*map->osd_addr)), e_inval);
- *p += 4; /* skip length field (should match max) */
+ if (ceph_decode_32(p) != map->max_osd)
+ goto e_inval;
+
ceph_decode_copy(p, map->osd_state, map->max_osd);
- *p += 4; /* skip length field (should match max) */
+ if (ceph_decode_32(p) != map->max_osd)
+ goto e_inval;
+
for (i = 0; i < map->max_osd; i++)
map->osd_weight[i] = ceph_decode_32(p);
- *p += 4; /* skip length field (should match max) */
+ if (ceph_decode_32(p) != map->max_osd)
+ goto e_inval;
+
ceph_decode_copy(p, map->osd_addr, map->max_osd*sizeof(*map->osd_addr));
for (i = 0; i < map->max_osd; i++)
ceph_decode_addr(&map->osd_addr[i]);