From: David Zafman <david.zafman@inktank.com>
Date: Thu, 3 Apr 2014 20:01:11 +0000 (-0700)
Subject: rbd: Prevent Seg fault by checking read result in snap_read_header()
X-Git-Tag: v0.80-rc1~59^2~10
X-Git-Url: http://git-server-git.apps.pok.os.sepia.ceph.com/?a=commitdiff_plain;h=409999c3b2c194702645bf58bf20fe8dbd85268e;p=ceph.git

rbd: Prevent Seg fault by checking read result in snap_read_header()

Signed-off-by: David Zafman <david.zafman@inktank.com>
---

diff --git a/src/cls/rbd/cls_rbd.cc b/src/cls/rbd/cls_rbd.cc
index 9348d5d7ad59..065d82f35f46 100644
--- a/src/cls/rbd/cls_rbd.cc
+++ b/src/cls/rbd/cls_rbd.cc
@@ -115,7 +115,11 @@ static int snap_read_header(cls_method_context_t hctx, bufferlist& bl)
     if (rc < 0)
       return rc;
 
+    if (bl.length() < sizeof(*header))
+      return -EINVAL;
+
     header = (struct rbd_obj_header_ondisk *)bl.c_str();
+    assert(header);
 
     if ((snap_count != header->snap_count) ||
         (snap_names_len != header->snap_names_len)) {