auth: guard decode_decrypt with try block

This will catch buffer decoding errors (maybe the block is empty) and
return an error string.

May fix (or possibly paper over) #3459.

Signed-off-by: Sage Weil <sage@inktank.com>
Reviewed-by: Greg Farnum <greg@inktank.com>

diff --git a/src/auth/cephx/CephxProtocol.h b/src/auth/cephx/CephxProtocol.h
index dfa2b2f0896f8d03aacf45ec7e70405b80ed7ddd..38e0616b501ed242e22e094b256828b0d8db6e7f 100644 (file)
--- a/src/auth/cephx/CephxProtocol.h
+++ b/src/auth/cephx/CephxProtocol.h
@@ -470,8 +470,13 @@ int decode_decrypt(CephContext *cct, T& t, const CryptoKey key,
                    bufferlist::iterator& iter, std::string &error)
 {
   bufferlist bl_enc;
-  ::decode(bl_enc, iter);
-  decode_decrypt_enc_bl(cct, t, key, bl_enc, error);
+  try {
+    ::decode(bl_enc, iter);
+    decode_decrypt_enc_bl(cct, t, key, bl_enc, error);
+  }
+  catch (buffer::error e) {
+    error = "error decoding block for decryption";
+  }
   if (!error.empty())
     return CEPHX_CRYPT_ERR;
   return 0;