From: Ilya Dryomov Date: Thu, 12 Oct 2023 17:03:10 +0000 (+0200) Subject: pybind/rbd: don't produce info on errors in aio_mirror_image_get_info() X-Git-Tag: v16.2.15~165^2~1 X-Git-Url: http://git-server-git.apps.pok.os.sepia.ceph.com/?a=commitdiff_plain;h=0d32001b83002016fc5b3f411e5de4ff987fba10;p=ceph.git pybind/rbd: don't produce info on errors in aio_mirror_image_get_info() Check completion return value before attemting to decode c_info. Otherwise we are guaranteed to access invalid memory in decode_cstr() while trying to compute global_id string length when the client is blocklisted for example. Fixes: https://tracker.ceph.com/issues/63028 Signed-off-by: Ilya Dryomov (cherry picked from commit a81bd2db3af4d7b53736be8e42a3eaa53028d60c) --- diff --git a/src/pybind/rbd/rbd.pyx b/src/pybind/rbd/rbd.pyx index 5a11723df0fe..e2a22ef183a4 100644 --- a/src/pybind/rbd/rbd.pyx +++ b/src/pybind/rbd/rbd.pyx @@ -4510,13 +4510,18 @@ written." % (self.name, ret, length)) def oncomplete_(completion_v): cdef: Completion _completion_v = completion_v - rbd_mirror_image_info_t *c_info = _completion_v.buf - info = { - 'global_id' : decode_cstr(c_info[0].global_id), - 'state' : int(c_info[0].state), - 'primary' : c_info[0].primary, - } - rbd_mirror_image_get_info_cleanup(c_info) + rbd_mirror_image_info_t *c_info + return_value = _completion_v.get_return_value() + if return_value == 0: + c_info = _completion_v.buf + info = { + 'global_id' : decode_cstr(c_info[0].global_id), + 'state' : int(c_info[0].state), + 'primary' : c_info[0].primary, + } + rbd_mirror_image_get_info_cleanup(c_info) + else: + info = None return oncomplete(_completion_v, info) completion = self.__get_completion(oncomplete_)