libceph: weaken sizeof check in ceph_x_verify_authorizer_reply()

Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git

kernel os linux

Allow for extending ceph_x_authorize_reply in the future.

Signed-off-by: Ilya Dryomov <idryomov@gmail.com>
Reviewed-by: Sage Weil <sage@redhat.com>

Ilya Dryomov 7 years ago f1d10e04 130f52f2

+4 -2

1 changed file

expand all

net

ceph

auth_x.c

+4 -2

net/ceph/auth_x.c

··· 737 737 ret = ceph_x_decrypt(&au->session_key, &p, p + CEPHX_AU_ENC_BUF_LEN); 738 738 if (ret < 0) 739 739 return ret; 740 - if (ret != sizeof(*reply)) 741 - return -EPERM; 740 + if (ret < sizeof(*reply)) { 741 + pr_err("bad size %d for ceph_x_authorize_reply\n", ret); 742 + return -EINVAL; 743 + } 742 744 743 745 if (au->nonce + 1 != le64_to_cpu(reply->nonce_plus_one)) 744 746 ret = -EPERM;