keyring: catch key decode errors

Return EINVAL on decoding errors.

Other decode_base64() callers are already guarded.

Fixes: #2124
Signed-off-by: Sage Weil <sage.weil@dreamhost.com>

diff --git a/src/auth/KeyRing.cc b/src/auth/KeyRing.cc
index 84720d1d8cfbcf22251a88d8e3a50c8251c52bf2..ce479053b1b614aeee1c5305f09c041d42b93c4e 100644 (file)
--- a/src/auth/KeyRing.cc
+++ b/src/auth/KeyRing.cc
@@ -62,9 +62,15 @@ int KeyRing::from_ceph_context(CephContext *cct, KeyRing **pkeyring)
 
   if (!conf->key.empty()) {
     EntityAuth ea;
-    ea.key.decode_base64(conf->key);
-    keyring->add(conf->name, ea);
-    found_key = true;
+    try {
+      ea.key.decode_base64(conf->key);
+      keyring->add(conf->name, ea);
+      found_key = true;
+    }
+    catch (buffer::error& e) {
+      lderr(cct) << "KeyRing::from_ceph_context: failed to decode key " << conf->key << dendl;
+      return -EINVAL;
+    }
   }
 
   if (!conf->keyfile.empty()) {
@@ -80,9 +86,15 @@ int KeyRing::from_ceph_context(CephContext *cct, KeyRing **pkeyring)
       else {
        string k = buf;
        EntityAuth ea;
-       ea.key.decode_base64(k);
-       keyring->add(conf->name, ea);
-       found_key = true;
+       try {
+         ea.key.decode_base64(k);
+         keyring->add(conf->name, ea);
+         found_key = true;
+       }
+       catch (buffer::error& e) {
+         lderr(cct) << "KeyRing::from_ceph_context: failed to decode key " << k << dendl;
+         return -EINVAL;
+       }
       }
       fclose(fp);
     } else {