]> git.apps.os.sepia.ceph.com Git - ceph.git/commitdiff
projects / ceph.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: e030ba4)
msg/async/ProtocolV1: fix locking around authorizer_buf 26803/head
authorSage Weil <sage@redhat.com>
Wed, 6 Mar 2019 23:40:48 +0000 (17:40 -0600)
committerSage Weil <sage@redhat.com>
Wed, 6 Mar 2019 23:40:54 +0000 (17:40 -0600)
Fix two problems:

- we are accessing authorizer_buf without the connection lock, and
  under the lock we are modifying it (in connect()).
- if we receive two connect_msg's with a different length, we won't
  have a buffer that's large enough.

Fixes: http://tracker.ceph.com/issues/38524
Signed-off-by: Sage Weil <sage@redhat.com>
src/msg/async/ProtocolV1.cc patch | blob | history

diff --git a/src/msg/async/ProtocolV1.cc b/src/msg/async/ProtocolV1.cc
index 7fbd5c67c5896d5ee8385f3cdffc2b742fa0bc22..3857ed5c14d0838b3808427c63fd53fcb71aa6a1 100644 (file)
--- a/src/msg/async/ProtocolV1.cc
+++ b/src/msg/async/ProtocolV1.cc
@@ -1827,10 +1827,8 @@ CtPtr ProtocolV1::handle_connect_message_1(char *buffer, int r) {
 
 CtPtr ProtocolV1::wait_connect_message_auth() {
   ldout(cct, 20) << __func__ << dendl;
-
-  if (!authorizer_buf.length()) {
-    authorizer_buf.push_back(buffer::create(connect_msg.authorizer_len));
-  }
+  authorizer_buf.clear();
+  authorizer_buf.push_back(buffer::create(connect_msg.authorizer_len));
   return READB(connect_msg.authorizer_len, authorizer_buf.c_str(),
                handle_connect_message_auth);
 }
@@ -1914,17 +1912,18 @@ CtPtr ProtocolV1::handle_connect_message_2() {
                                       authorizer_reply);
   }
 
+  bufferlist auth_bl_copy = authorizer_buf;
   connection->lock.unlock();
   ldout(cct,10) << __func__ << " authorizor_protocol "
                << connect_msg.authorizer_protocol
-               << " len " << authorizer_buf.length()
+               << " len " << auth_bl_copy.length()
                << dendl;
   bool authorizer_valid;
   bool need_challenge = HAVE_FEATURE(connect_msg.features, CEPHX_V2);
   bool had_challenge = (bool)authorizer_challenge;
   if (!messenger->ms_deliver_verify_authorizer(
           connection, connection->peer_type, connect_msg.authorizer_protocol,
-          authorizer_buf, authorizer_reply, authorizer_valid, session_key,
+          auth_bl_copy, authorizer_reply, authorizer_valid, session_key,
          nullptr /* connection_secret */,
           need_challenge ? &authorizer_challenge : nullptr) ||
       !authorizer_valid) {
Unnamed repository; edit this file 'description' to name the repository.