From: Yunchuan Wen <yunchuan.wen@kylin-cloud.com>
Date: Fri, 16 Dec 2016 08:12:16 +0000 (+0800)
Subject: admin-socket: fix potential buffer overflow
X-Git-Tag: v12.0.0~373^2~1
X-Git-Url: http://git-server-git.apps.pok.os.sepia.ceph.com/?a=commitdiff_plain;h=52deb168b29ab59ea90623301fee39eefabfea62;p=ceph-ci.git

admin-socket: fix potential buffer overflow

Add code to ensure cmd[pos] is valid memory.

Signed-off-by: Yunchuan Wen <yunchuan.wen@kylin-cloud.com>
---

diff --git a/src/common/admin_socket.cc b/src/common/admin_socket.cc
index 28c5620927b..d4492773261 100644
--- a/src/common/admin_socket.cc
+++ b/src/common/admin_socket.cc
@@ -315,7 +315,7 @@ bool AdminSocket::do_accept()
   }
 
   char cmd[1024];
-  int pos = 0;
+  unsigned pos = 0;
   string c;
   while (1) {
     int ret = safe_read(connection_fd, &cmd[pos], 1);
@@ -353,7 +353,11 @@ bool AdminSocket::do_accept()
 	break;
       }
     }
-    pos++;
+    if (++pos >= sizeof(cmd)) {
+      lderr(m_cct) << "AdminSocket: error reading request too long" << dendl;
+      VOID_TEMP_FAILURE_RETRY(close(connection_fd));
+      return false;
+    }
   }
 
   bool rval = false;