Tree - kernel/kernel-source - Pagure for openSUSE

kernel / kernel-source

Source
Stats

Files

Commit: a07f7ac44cacae01a70ddaee4b6440c9e8a59054

Blob Blame History Raw

From: Ilya Dryomov <idryomov@gmail.com>
Date: Fri, 27 Jul 2018 19:45:36 +0200
Subject: libceph: weaken sizeof check in ceph_x_verify_authorizer_reply()
Git-commit: f1d10e04637924f2b00a0fecdd2ca4565f5cfc3f
Patch-mainline: v4.19-rc1
References: bsc#1096748

Allow for extending ceph_x_authorize_reply in the future.

Signed-off-by: Ilya Dryomov <idryomov@gmail.com>
Reviewed-by: Sage Weil <sage@redhat.com>
Acked-by: Luis Henriques <lhenriques@suse.com>
---
 net/ceph/auth_x.c |    6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

--- a/net/ceph/auth_x.c
+++ b/net/ceph/auth_x.c
@@ -736,8 +736,10 @@ static int ceph_x_verify_authorizer_repl
 	ret = ceph_x_decrypt(&au->session_key, &p, p + CEPHX_AU_ENC_BUF_LEN);
 	if (ret < 0)
 		return ret;
-	if (ret != sizeof(*reply))
-		return -EPERM;
+	if (ret < sizeof(*reply)) {
+		pr_err("bad size %d for ceph_x_authorize_reply\n", ret);
+		return -EINVAL;
+	}
 
 	if (au->nonce + 1 != le64_to_cpu(reply->nonce_plus_one))
 		ret = -EPERM;

kernel / kernel-source

Source Code

Files