From: Sage Weil Date: Thu, 14 Mar 2019 21:46:21 +0000 (-0500) Subject: mon: do not assert on bad auth payload X-Git-Tag: v14.2.0~14^2~2 X-Git-Url: http://git-server-git.apps.pok.os.sepia.ceph.com/?a=commitdiff_plain;h=7a2bb0f01eebd259ae7babbfa55cffa87afa97ad;p=ceph.git mon: do not assert on bad auth payload If we get garbage, fail to authenticate--do not assert out and crash. Signed-off-by: Sage Weil
---
diff --git a/src/mon/Monitor.cc b/src/mon/Monitor.cc
index 70c8b5476ffd..cd4cec304e06 100644
--- a/src/mon/Monitor.cc
+++ b/src/mon/Monitor.cc
@@ -6195,10 +6195,22 @@ int Monitor::handle_auth_request(
 uint8_t mode;
 EntityName entity_name;
- decode(mode, p);
- assert(mode >= AUTH_MODE_MON && mode <= AUTH_MODE_MON_MAX);
- decode(entity_name, p);
- decode(con->peer_global_id, p);
+ try {
+ decode(mode, p);
+ if (mode < AUTH_MODE_MON ||
+ mode > AUTH_MODE_MON_MAX) {
+ dout(1) << __func__ << " invalid mode " << (int)mode << dendl;
+ delete auth_handler;
+ return -EACCES;
+ }
+ assert(mode >= AUTH_MODE_MON && mode <= AUTH_MODE_MON_MAX);
+ decode(entity_name, p);
+ decode(con->peer_global_id, p);
+ } catch (buffer::error& e) {
+ dout(1) << __func__ << " failed to decode, " << e.what() << dendl;
+ delete auth_handler;
+ return -EACCES;
+ }
 // supported method?
 if (entity_name.get_type() == CEPH_ENTITY_TYPE_MON ||
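Review bot: The `assert(mode >= AUTH_MODE_MON && mode <= AUTH_MODE_MON_MAX);` kept inside the new `try` block is dead now that the range check just above it returns `-EACCES`, and it leaves an assert on peer-supplied data in what appears to be the pre-authentication path, which is the pattern this commit sets out to remove; I would delete that line so a later edit to the range check cannot quietly bring the crash back. The handler could also catch by const reference, `} catch (const buffer::error& e) {`. Both `dout(1)` messages omit which peer sent the payload; if the connection's address is available at this point, adding it would make repeated malformed auth attempts attributable in the monitor log. `delete auth_handler; return -EACCES;` is repeated in both failure paths, and since `auth_handler` is declared outside the hunk I can only assume it is a raw owning pointer that every later early return in this function must also free.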